Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan:Win32/Reveton!lnk [Solved]


  • This topic is locked This topic is locked

#1
Ren12

Ren12

    Member

  • Member
  • PipPipPip
  • 180 posts
Hello. It seems like besides the redirect virus i have a bunch of other problems. The viruses keep downloading new viruses and destroying my computer.A lot of things dont work and everything keeps crashing.



My operating system is windows 7. I'm pretty sure it's not just one threat but a bunch of things.







OTL logfile created on: 1/18/2013 5:27:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Renato\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.22 Gb Available Physical Memory | 65.35% Memory free
15.98 Gb Paging File | 11.99 Gb Available in Paging File | 75.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.67 Gb Total Space | 686.77 Gb Free Space | 74.68% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.58 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: RENATO-PC | User Name: Renato | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 17:27:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Renato\Downloads\OTL.exe
PRC - [2013/01/10 16:44:12 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/09 22:21:45 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Renato\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/01/08 16:00:47 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/07/12 21:31:52 | 000,038,744 | ---- | M] (NCSoft) -- C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/06/06 14:06:12 | 000,251,744 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/06/06 13:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2010/09/02 04:46:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/02 04:46:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/02 04:46:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/03/17 15:53:24 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/12/01 22:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/14 15:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/07 03:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/19 17:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/09/19 17:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/09/19 17:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/08/24 21:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/06/03 15:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/08 08:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Renato\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/10 16:58:21 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\5fdfd676b93bf5c360b3c9cebb487041\System.Management.ni.dll
MOD - [2013/01/10 16:42:51 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 03:50:04 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 03:49:59 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\9ab959718fcc295dab75afe22df31a22\System.Design.ni.dll
MOD - [2013/01/10 03:49:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e95c75bede9a6ba6654d3a5e56da7e86\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 03:49:40 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1dee14dc339e8947f4401423e2435617\System.Data.ni.dll
MOD - [2013/01/10 03:49:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\91c62efba9d18a59a8aef37729cb5c6d\PresentationFramework.ni.dll
MOD - [2013/01/10 03:49:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e11a4e079e3ac9b1a8881e7fd0e5cbf0\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:49:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8f045547dc39be38a6c3348b524b5d96\System.Drawing.ni.dll
MOD - [2013/01/10 03:49:02 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll
MOD - [2013/01/10 03:49:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e397d6058a96fc5b768e330256867567\PresentationCore.ni.dll
MOD - [2013/01/10 03:48:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\49100533f4f9d3bf97a57c5424b51c2b\WindowsBase.ni.dll
MOD - [2013/01/10 03:48:48 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\eefabd771006f3b2d753533c53371416\System.Security.ni.dll
MOD - [2013/01/10 03:48:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\39cb017c2a46136cf3ca8a877d4fa741\System.Xml.ni.dll
MOD - [2013/01/10 03:48:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\35a8c4dd1bd18d6100a4974aa272761c\System.Configuration.ni.dll
MOD - [2013/01/10 03:48:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f3bcf05501f25211734e003e40c1fc4d\System.ni.dll
MOD - [2013/01/10 03:48:25 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/08 16:00:46 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/11/23 17:09:27 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/07/12 21:31:55 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\NCSoft\Launcher\UnRar.Net.dll
MOD - [2012/07/12 21:31:53 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\NCSoft\Launcher\NC.Logging.dll
MOD - [2012/03/08 15:36:24 | 012,290,432 | ---- | M] () -- C:\Users\Renato\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2012/03/08 15:36:20 | 001,699,200 | ---- | M] () -- C:\Users\Renato\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2011/10/23 19:18:06 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/04/01 14:48:48 | 008,217,088 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/04/01 14:41:58 | 002,267,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/01/10 11:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Verizon\VSP\Windows7Features.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/29 15:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 15:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2009/12/01 22:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/10/14 15:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/09/29 18:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 18:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 18:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 18:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 18:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 18:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 18:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/09/29 18:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/21 11:30:16 | 000,108,904 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2012/10/10 16:23:46 | 001,021,888 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/01 01:58:10 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/24 12:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 12:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 12:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/07 03:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/18 16:08:16 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/10 16:44:10 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 16:00:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/04/05 14:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/02/16 14:31:12 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/06/06 13:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/09/02 04:46:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2010/09/02 04:46:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/06/22 12:01:30 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/01 04:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/06/01 04:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/01 01:19:14 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/28 12:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/07 10:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 03:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 03:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/06 08:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 05:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/17 20:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/07 10:18:53] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C9B3E73D-3E54-4289-821F-DF4FC0BA4351}
IE:64bit: - HKLM\..\SearchScopes\{8365DB78-A617-4110-B550-5E692367EC58}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{C9B3E73D-3E54-4289-821F-DF4FC0BA4351}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {C9B3E73D-3E54-4289-821F-DF4FC0BA4351}
IE - HKLM\..\SearchScopes\{8365DB78-A617-4110-B550-5E692367EC58}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{C9B3E73D-3E54-4289-821F-DF4FC0BA4351}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C9B3E73D-3E54-4289-821F-DF4FC0BA4351}
IE - HKCU\..\SearchScopes\{8365DB78-A617-4110-B550-5E692367EC58}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Renato\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Renato\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Renato\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 16:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/10 16:42:39 | 000,000,000 | ---D | M]

[2010/07/11 16:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renato\AppData\Roaming\Mozilla\Extensions
[2012/10/23 17:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renato\AppData\Roaming\Mozilla\Firefox\Profiles\04uebt4x.default\extensions
[1832/11/28 23:37:17 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Renato\AppData\Roaming\Mozilla\Firefox\Profiles\04uebt4x.default\extensions\[email protected]
[2010/08/24 15:17:24 | 000,002,197 | ---- | M] () -- C:\Users\Renato\AppData\Roaming\Mozilla\Firefox\Profiles\04uebt4x.default\searchplugins\google-search.xml
[2013/01/10 16:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/10 16:44:13 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/20 19:02:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 22:15:51 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Renato\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Renato\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files (x86)\Verizon\VSP\nprpspa.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Power Challenge Loader (Enabled) = C:\Users\Renato\AppData\LocalLow\POWERC~1\nppowerloader.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/14 21:18:45 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Renato\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe (NCSoft)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Renato\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Spotify] C:\Users\Renato\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Renato\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Renato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A5AFBFE-0AEC-4C60-BB67-C7A8524E9C34}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50C78B9-022C-4CA0-8F29-AC858A9CCC9F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/14 18:09:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 17:07:17 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013/01/18 16:01:16 | 000,000,000 | ---D | C] -- C:\Users\Renato\AppData\Local\Programs
[2013/01/12 16:31:46 | 000,000,000 | ---D | C] -- C:\Users\Renato\AppData\Local\{4F1168C1-D685-4306-BBA7-AAE5506E9608}
[2013/01/11 12:18:41 | 000,000,000 | ---D | C] -- C:\Users\Renato\AppData\Local\{74EBE99E-79D0-405E-9F04-87D489B31BA8}
[2013/01/10 16:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/09 22:22:02 | 000,000,000 | ---D | C] -- C:\Users\Renato\AppData\Local\Spotify
[2013/01/09 22:21:22 | 000,000,000 | ---D | C] -- C:\Users\Renato\AppData\Roaming\Spotify
[2013/01/06 14:27:38 | 000,000,000 | ---D | C] -- C:\Users\Renato\AppData\Local\{85F6A914-A007-4180-836C-A61F8B8CA5EB}
[2012/12/25 15:19:45 | 000,000,000 | ---D | C] -- C:\Users\Renato\AppData\Local\{FEB9894F-297B-4892-9AED-F3AF5590C63C}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/18 16:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/18 16:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/18 16:24:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3591711946-2265182465-2123470179-1001UA.job
[2013/01/18 16:15:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 16:15:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 16:09:40 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/18 16:09:40 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/18 16:09:40 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/18 16:05:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/18 16:03:33 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRenato.job
[2013/01/18 16:03:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/18 16:03:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/01/18 16:03:14 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 16:01:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/18 15:59:41 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3591711946-2265182465-2123470179-1001Core.job
[2013/01/15 20:27:45 | 000,002,050 | ---- | M] () -- C:\Users\Renato\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/15 18:46:56 | 000,002,285 | ---- | M] () -- C:\Users\Renato\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/13 20:22:06 | 000,006,368 | ---- | M] () -- C:\Users\Renato\AppData\Roaming\wklnhst.dat
[2013/01/10 03:41:50 | 000,426,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 22:22:01 | 000,001,815 | ---- | M] () -- C:\Users\Renato\Desktop\Spotify.lnk
[2013/01/09 20:05:44 | 000,009,216 | ---- | M] () -- C:\Users\Renato\Documents\poem.wps
[2012/12/31 13:05:04 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/12/29 00:14:38 | 000,000,219 | ---- | M] () -- C:\Users\Renato\Desktop\Counter-Strike Global Offensive.url
[2012/12/26 20:53:06 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/12/26 20:24:35 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/26 19:01:12 | 000,000,219 | ---- | M] () -- C:\Users\Renato\Desktop\Dota 2.url
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/09 22:22:01 | 000,001,815 | ---- | C] () -- C:\Users\Renato\Desktop\Spotify.lnk
[2013/01/09 22:22:01 | 000,001,801 | ---- | C] () -- C:\Users\Renato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/01/09 20:05:44 | 000,009,216 | ---- | C] () -- C:\Users\Renato\Documents\poem.wps
[2012/12/29 00:14:38 | 000,000,219 | ---- | C] () -- C:\Users\Renato\Desktop\Counter-Strike Global Offensive.url
[2012/12/26 20:24:22 | 000,002,914 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/26 20:24:20 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/12/26 19:01:12 | 000,000,219 | ---- | C] () -- C:\Users\Renato\Desktop\Dota 2.url
[2012/12/14 16:45:25 | 000,012,656 | -HS- | C] () -- C:\Users\Renato\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/14 16:45:25 | 000,012,656 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/09/08 18:11:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\to3ATAR.dat
[2012/09/08 18:10:55 | 000,000,001 | ---- | C] () -- C:\ProgramData\0351oFMj.exe_.b
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/10 16:25:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/02 18:36:20 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/15 17:18:26 | 000,006,368 | ---- | C] () -- C:\Users\Renato\AppData\Roaming\wklnhst.dat
[2010/07/27 17:12:22 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2010/10/24 10:38:02 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\.minecraft
[2010/08/25 17:46:25 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\acccore
[2011/08/17 00:41:25 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Amazon
[2011/05/23 17:48:09 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Bioshock
[2011/03/05 13:50:50 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Braid
[2012/03/01 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\GetRightToGo
[2010/07/13 15:04:08 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\iWin
[2010/07/12 00:35:12 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Leadertech
[2011/03/15 19:31:07 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\LolClient
[2012/05/23 14:47:02 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\LolClient2
[2010/08/27 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Octoshape
[2011/07/13 21:35:07 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\OnLive App
[2012/02/01 17:54:49 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\OpenOffice.org
[2010/09/11 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Panda Security
[2010/07/11 16:30:53 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\PictureMover
[2013/01/18 16:58:04 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Spotify
[2010/09/11 13:20:09 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\SurfSecret Privacy Suite
[2012/11/25 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\SystemRequirementsLab
[2010/10/11 14:03:45 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\TechWizard
[2010/08/15 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Template
[2010/08/17 15:48:08 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Tific
[2011/07/03 17:59:39 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Tropico 3
[2010/07/12 15:26:43 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\WildTangent
[2010/07/14 09:19:43 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\WinBatch
[2010/09/23 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Renato\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/09/24 07:42:27 | 000,000,720 | ---- | M] ()(C:\Users\Renato\AppData\Local\PMB Fik?s) -- C:\Users\Renato\AppData\Local\PMB Fik聥s
[2011/09/24 07:42:05 | 000,000,720 | ---- | C] ()(C:\Users\Renato\AppData\Local\PMB Fik?s) -- C:\Users\Renato\AppData\Local\PMB Fik聥s

< End of report >

Edited by Ren12, 18 January 2013 - 06:15 PM.

  • 0

Advertisements


#2
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
OTL Extras logfile created on: 1/18/2013 5:27:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Renato\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.22 Gb Available Physical Memory | 65.35% Memory free
15.98 Gb Paging File | 11.99 Gb Available in Paging File | 75.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.67 Gb Total Space | 686.77 Gb Free Space | 74.68% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.58 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: RENATO-PC | User Name: Renato | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E34CB57-6FE5-41EF-9706-20450999CD9E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0FB76312-E418-4243-BB38-48934AD124D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10C89F00-98B4-4EE4-B7FA-4897EA208B91}" = rport=445 | protocol=6 | dir=out | app=system |
"{24057D89-19BD-4B4E-979B-C11FA08A4D8E}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D713903-810D-40D9-83A1-EEFEB3BE6475}" = rport=10243 | protocol=6 | dir=out | app=system |
"{30850F4C-BAD5-44B7-87A5-23FCC451368E}" = lport=138 | protocol=17 | dir=in | app=system |
"{3FDF9F1F-EDB4-408E-9BC1-D8290C2A6E14}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{47614AB7-4048-47B2-92DF-3A87A020043F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4933C06F-B28A-4321-8ADA-4562B40CA45B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4BFDAB88-9B78-4390-A05F-D2B6317BBB82}" = rport=137 | protocol=17 | dir=out | app=system |
"{562F4D82-9FB2-4BD6-B319-965F72390E4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{66795A35-C39C-4F36-8FAB-7AB0F879E8DC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{7A7AD6EF-B32A-40BD-9F5C-7449BF1227C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{81C494B5-B2D6-4BE9-A5CF-254267E03B5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FE6027E-4032-4429-9864-35829B2AA1AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A80D1E67-0305-482A-A95A-4973A8A3B5A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9A8D70B-AF6F-4C93-B346-47BE807C53B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0B29547-D3A2-4C32-8DA4-87E2265B1206}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4B0E66E-1A53-4CCD-92B6-B036AE400D38}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C9D8B0AC-1AA4-45F0-B379-C53F2A018B9E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2FACCC5-08AE-4929-9DD1-C276467590A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D84D077A-7317-487A-9082-BA7B3639D94D}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9EDC3D7-907A-4085-839E-E6547618406D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E33D2DB4-24D0-4CBF-9A1C-DBC83F36F872}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6F8CE55-5928-472D-A47D-85C6608EA5FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{FB02BCDB-A8DE-4B7D-A8F3-9D3C2EAEEF6C}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00765D6A-C6A3-479B-855B-902BDF0882BB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{017BDE33-C924-475A-8825-D40431347AE3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{02BBBCC9-6136-4013-8AC2-574C0F5DD32A}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{04506BF8-3583-4784-B65F-40927A7A8117}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{052AF0E9-911E-40C8-A3D6-32D7F668270C}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{05313F56-7FAD-463B-8E92-B5A6798189B6}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{09B56CC5-7C56-4258-9A25-C9C3F7C16B5D}" = protocol=6 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\8.0\wolframcdfplayer.exe |
"{0C958D29-40F2-4CDE-826B-85AA86748317}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{0E9A6B69-B07D-4B3A-9F3A-520A162EC111}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{102CDE2B-D8F2-40E6-9737-EBC5CD64AA5E}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{12D8B365-926D-4F1C-B0D7-3BFFCB3B6083}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{139E4C00-FA03-48BA-A604-3CC015C6A447}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1A47ED9F-C147-4438-AA4E-0469B0D85FA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe |
"{1A9DD336-DD04-4D1A-BC08-9E0087555FAE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{1AC39752-7BDC-45B4-9405-C8A69F2B6262}" = protocol=17 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\8.0\math.exe |
"{1B4A4B06-356B-43E3-BBF0-9078D9D47BD1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{1E0C8F43-D46E-4A86-8A01-13CB46C3C13A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{20A506D9-828D-42E9-B0D2-F459A3692360}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\zer012656\counter-strike source\hl2.exe |
"{22F8BBC5-4654-4A18-9979-22EEE02FF15A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{232AA118-BB71-4918-A60A-0A63BA2A984B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{2CE2389E-9B28-43E6-9ADA-60116D3674FE}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{2D97D17C-6515-4988-AD2A-BF0373E0A30F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{2E4C8F74-A761-4064-89E9-E99A87416CA4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{2EA8913C-1B17-4BFA-A7E5-524FF78EF1D2}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{2ECD1E7A-957F-410E-B457-EF2584173740}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{31F71733-3EB8-42D6-94C6-C1BB8E89F189}" = protocol=17 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\8.0\wolframcdfplayer.exe |
"{32AA8613-5089-4D4F-82EF-D5A6667F2756}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{33F9C235-2C8C-4A0E-A532-6DA7D21EB8B7}" = protocol=17 | dir=in | app=c:\program files (x86)\verizon\vsp\servicepointservice.exe |
"{3467D7AE-CDA0-4C96-879A-0E60CC2D882F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34757EA6-7779-4AEA-A0EF-4AF6B71EA772}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{3585BD20-BCB9-4806-93AB-D71B88BF6860}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{36FF0F79-3B4F-4B01-8C3E-4E2BC9A3AC3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{3752473D-A56D-4ED0-B221-35445A4C2322}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{37AA5F17-89A1-4219-BC27-422775231526}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe |
"{3A8EFDCB-351E-4C6A-8270-8D0E932AC481}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe |
"{3AE02962-F4A2-48EB-AEDE-F6BD77F56BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3AE052DD-5568-42CF-ADBC-EB0AA54C97FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3BAEF70F-F87A-48CB-8903-5BD32E7806F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{3F09CBBB-7338-4C2C-88D4-55277F644CFF}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{3F508E28-AF6C-4813-BE9B-D6C280724BFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{403B9B6D-9EE9-42BD-92AF-A45C220E2DE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4173CC4B-E432-491D-ADEF-D6F84239D7F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{43411E47-4F5E-4DA7-B555-4AAE53C3C9A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 3\tropico3.exe |
"{4355058D-69B7-4C52-9204-FF582063FB2C}" = dir=in | app=%systemroot%\system32\skype.exe |
"{4467CF7D-D1B2-420B-8395-3A373ACD7617}" = dir=out | app=%systemroot%\system32\skype.exe |
"{495632AE-0DDD-438D-9F52-3B150F9048FE}" = protocol=6 | dir=in | app=c:\program files (x86)\verizon\vsp\servicepointservice.exe |
"{4AC2A194-1EA2-4C68-9F4F-927D0FBEC3E2}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{4B8A7293-003A-47AB-AC2B-2DC0B9020F64}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe |
"{4B8FF1A3-1C83-4B97-B584-A38569E20604}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4E1BDC01-1B6C-4118-810B-C7CB95B3E0CF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{5169019C-74C4-4A0D-ABAC-B4AAAEDC2831}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{53FBA6E5-8031-45DF-8932-4EC3A99E237A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{56402CD6-45B4-4AA4-8EC3-9271D31FE6F9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{566DDF8A-127C-4BCB-90CB-B6AF5E0E9DDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56E72774-3DB3-4E54-A185-4A0C324B2285}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{5AEC5F4F-BCED-42B2-A7FF-5DBDD5EFA42C}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{6A13202B-B585-4254-8856-765577848E55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6B2B5FDC-9249-47A3-8F26-E885D67F52EA}" = protocol=1 | dir=out | [email protected],-28544 |
"{6B859259-D65D-4305-B6B1-E89A061D4459}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E2549D7-5071-4C28-87D4-10D8A80A64FF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{70A6FFB5-AAA0-4F8A-A94A-771CDDA929AF}" = protocol=1 | dir=in | [email protected],-28543 |
"{72C8AE32-7F2A-4ACC-BE88-73B2F0AC295D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gish\gish.exe |
"{79EBC92C-0DB1-47ED-A7AC-99A3B19A5934}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{7B29E75E-7DA3-491F-934F-9EC4F77E9483}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{7B71896E-2FD5-4D0F-8E95-BA5894212D7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{7BBFAA15-47B2-46E3-BA30-D412B2AB3B1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{7C1DED5A-2D39-484F-9157-01C0109BA9A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7ECEB166-68CC-4DB9-84A8-60181A3C8D5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{805111E3-B7C0-49BC-ACB0-45D662ED86BF}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{84C36B6B-7DE0-425F-981F-D30C7225DE5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{86F9905E-C5D0-4684-8896-AAC0A5999E48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe |
"{87714C32-CA8B-41F9-A55C-ACE481D34CF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{87B177B7-D695-43CB-9E0B-B35641F9F05A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{88C589BE-22C9-43CE-922C-6E5397DF2703}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8A3B377E-4C00-490A-AB07-CF1E453C7811}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
"{8CCF4C31-597D-4BB9-8511-3BA61EEE8924}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{8E0D3421-59BD-49EB-A6B1-A1B507A03125}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{906F5EA0-8A1C-4C1C-A264-F261624F05D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum demo\binaries\win32\trygame-win32-shipping.exe |
"{917AB8F8-552A-4E72-AF16-2197D6CD0D5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93B0C12F-48A6-4E1D-9BBC-CF0675523678}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94455F9A-036B-405A-B299-949BB2C7DBB8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{965E8B2B-5421-4428-94D3-5E2AFAB717C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{9B040973-CF43-41D2-B46E-3723E876C616}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{9F825D1D-360B-478C-883E-7F4F9755F381}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{A10E6282-0831-485B-92AD-F3CF128A358C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{A228C1FE-B63C-4F70-94A9-D31BEE9AF11F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{A44F9AA7-E9CF-4D0B-A19C-B6AF3CB18AC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\zer012656\counter-strike source\hl2.exe |
"{A68E8FA3-D748-4A6B-BE0A-37A1F5CB7022}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A6EF1009-618C-4675-8474-0FA5A936F89B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A886EE4B-08F9-4839-9F5E-4350CDC2FDCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9C93C1B-7FE6-4A09-81D7-36F7B67DBC86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{AC6D9BBB-DEBF-4ADE-8C64-D2B71CED2B18}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AE176009-A164-4277-849D-94C9BABAC089}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AEB49197-0C19-4D6E-B380-E01E2C58B547}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe |
"{B0A0C7A7-166E-4248-8D33-7C32BB2CFFD0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{B1EB3420-0EBC-4A7B-8892-0A9B44A99732}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{B827EA86-244B-401D-ADDB-84E9E833C521}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B8E614F5-7625-47E3-A2CA-E5D66F94E152}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe |
"{BACBBC65-3097-4ED4-8752-A3665F667083}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBCE9BE6-6C1B-4123-9E2F-04E12A57B03F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C1084DE7-372D-4424-A0C7-7BCD15225311}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{C10A1EF8-ED7F-4952-B2DE-C9C4FE01B8B2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C2168EA1-1050-4027-83C2-3C4B7806B16C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{C2A153B5-67F1-4E0C-8B7C-5F43800026AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gish\gish.exe |
"{C2BF4897-19F0-4375-9860-8C97A3CC3CD6}" = protocol=58 | dir=out | [email protected],-28546 |
"{C34DE16B-604D-4E38-A811-6F8F787F710B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C70FA9A3-9FC1-43C1-991A-68A95786FE21}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C9CC7E3B-8E88-4C67-8446-11E5C148BA28}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{CA1EA4E1-9E3A-4BE2-9046-C622286D4A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{CACE014A-6000-41B1-A3B0-D3D5009BCFCF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum\binaries\win32\trygame-win32-shipping.exe |
"{CC046587-C766-479E-A040-EE0FDC912155}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{CCD65957-2095-48E5-B829-72846BCC2BFE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CE3FA764-45E3-4BC0-A265-845D4CA3AEEE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe |
"{D061EE7D-19F1-424C-9B73-FDD7D195681A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D1326735-503D-4234-BE51-C8B439F9E983}" = protocol=6 | dir=out | app=system |
"{D3299942-F6D2-4024-AB59-E17555215B66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum conundrum\binaries\win32\trygame-win32-shipping.exe |
"{DBF8BA79-D8A0-4723-B1B4-72FD82B1815D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{E1381D0C-98D1-4A9A-9AB4-D9E237346919}" = dir=in | app=c:\users\renato\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E70D9B3E-DC93-4339-AEB3-210C424B7C51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{E9B33C8D-C61D-4123-8C85-707522E1F24F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{ECE1E986-0481-417C-8CD9-92815DBBFF83}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{ED1A7528-1EE3-4BDC-92AB-01998DFB5470}" = protocol=58 | dir=in | [email protected],-28545 |
"{F50A21C2-3573-421A-BEE2-964469D12C75}" = protocol=6 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\8.0\math.exe |
"{F7630F39-8FB3-4B82-A349-0454B464BC9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F990C05F-F747-434A-BF5D-4C9BDBE5EA0D}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{FACB0F34-F9F1-49CB-9AC3-6C490EE33B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe |
"{FC99C15E-7889-4153-946A-30574BA6DE2E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{FD197A84-108B-4E72-A115-AC5CBC65F599}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"TCP Query User{0BDB8447-8AAF-41B6-BDB5-CCF1808F001C}C:\program files (x86)\proun\proun.exe" = protocol=6 | dir=in | app=c:\program files (x86)\proun\proun.exe |
"TCP Query User{14C0B88A-FA38-4175-A8EC-A0C1B272883A}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{1A95587D-37E5-4398-8971-D9C736AFB6E2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{1C2471F3-E6AB-49FE-B35D-63A48C809C80}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{1C68C085-7148-42F9-985E-25BB6A11E080}C:\users\renato\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\renato\appdata\roaming\spotify\spotify.exe |
"TCP Query User{1EE31771-81A5-4F6E-95C0-C1376A03FF8E}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{221EFEA2-1AB4-42E5-BBD9-A239538EB326}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{2DE65A3C-0F30-4C23-87EB-A0BC08A7B67C}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{353CEBC6-FBBC-4F01-834E-1692032717E9}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{43D18E57-3486-4829-BEBD-BFB458D24D05}C:\program files (x86)\steam\steamapps\zer012656\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\zer012656\team fortress 2\hl2.exe |
"TCP Query User{4A98EAE8-3F04-465B-B277-BAEDB8D7F5E7}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{4B171B3A-F864-4CFF-93E5-63D35401F132}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{73F24BA4-4649-484F-8DDD-30C377B6CE08}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{8F243DD4-651B-484C-80E0-F84D4E7AF60B}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{8FCC4CB9-FA5F-40EB-8C59-4539D50CC19B}C:\program files (x86)\steam\steamapps\zer012656\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\zer012656\counter-strike source\hl2.exe |
"TCP Query User{91693EE4-BF89-48F7-9D68-529CD8F964CC}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{91858561-DE41-4D9E-AA17-575DBD8FBBEB}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"TCP Query User{95166901-8C39-459C-B275-ED8630F8A4D3}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{95B5ABCB-1B5F-4A58-9737-E9E0E3D7C0F2}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{9D2321D0-FC4C-48CC-955E-52E2D4AE9445}J:\techwizard.exe" = protocol=6 | dir=in | app=j:\techwizard.exe |
"TCP Query User{B8B440BA-B777-4D7B-B770-6040C28E854F}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{C1999ED7-5260-405A-A0E9-F9E51C6D705D}C:\users\renato\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\renato\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{D0D1438A-C110-4371-A53B-31A3C5E6AF99}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{D626186C-1B82-4E51-A1BE-37B266704D50}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{D7A433CA-10B8-478A-AE9F-3547A0C676A5}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{E87A88EA-8B43-4B4C-8BC9-FE19E3BE55C2}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{EB5813A1-6CFC-4B00-BD51-8C4D000383EB}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{F0B675FE-0CD0-4A9F-86C2-F3336C17CB1A}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{F6273FBF-00A3-47E1-8CF7-40F27F2D2907}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{F6B3DB5C-7980-41D1-B062-A9AC6412DFBB}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"TCP Query User{FAEA370E-B7EF-4D55-9245-5C7090BBCCDE}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{FCCFA4CE-854F-43D0-BFB3-89FC2BEE5A6A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{230D7A51-8427-4466-8E3F-86E0470409BA}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{27E54B2B-7092-4525-BE26-5EFB1DAD0B9A}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{2F55B356-3A85-43F6-9085-813C3889A2F7}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{3B708B48-D75C-4577-BA91-E198B50660B7}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{40927D50-4E8F-424B-AAAB-3271435BB0E1}C:\program files (x86)\proun\proun.exe" = protocol=17 | dir=in | app=c:\program files (x86)\proun\proun.exe |
"UDP Query User{444E988F-7F61-4B6F-9178-B28F7D41E425}C:\program files (x86)\steam\steamapps\zer012656\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\zer012656\team fortress 2\hl2.exe |
"UDP Query User{4499733E-C0CD-4755-AEEC-17CB6812CECA}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{60A69DDD-C870-4A87-AD61-15A0A6E650B9}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{61E09EB6-3D8E-49E4-84C5-065F60FF017B}C:\users\renato\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\renato\appdata\roaming\spotify\spotify.exe |
"UDP Query User{65EDBEF0-AB01-4C6A-81FD-C208A882D66A}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"UDP Query User{7CF2D50F-0BE5-4751-AB5A-D38DB148434C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{7FABC60C-D8EC-49B4-AFAE-7288F004FD43}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{888EAA69-CAAF-431E-8528-81887F5A660F}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{8C7C2DFD-6467-494D-8516-0E20E2EBC327}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{8D770ED6-CE52-4559-A374-BFFD629B346A}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{9B6FF50E-B47C-42AF-BEA0-841F0141EDBE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{9CE29502-2D82-4C7E-B517-A7438AEC8436}C:\users\renato\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\renato\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{9F2052DB-5833-4788-AB94-218EBF661D6B}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{A470998B-0370-4BEF-9FA0-7AC40D4E1B2B}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{A80805C4-4C70-4421-B062-E3AA9D3134B6}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{A87A0B1D-1F8D-4FA4-91C6-38742B208E24}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{BE59E2CD-13E2-4900-9103-7C23C5C31CCD}C:\program files (x86)\steam\steamapps\zer012656\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\zer012656\counter-strike source\hl2.exe |
"UDP Query User{C0584400-6CE3-4C99-8D38-121BEE0A51DD}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{C1464535-06FA-427E-94AA-29A092454ABB}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{C92101FF-5D8F-41AC-9026-AB17C651A5AC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{D158A674-758D-46EF-A995-7DFAC19BE8DF}J:\techwizard.exe" = protocol=17 | dir=in | app=j:\techwizard.exe |
"UDP Query User{D2564ED2-345D-4A66-B488-82E60A3C7F77}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"UDP Query User{E79D7B68-97A4-469A-8AF9-37F0EAC565BD}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{E99C1F2A-99E6-4F82-AE42-2D29CBB4FB3F}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{EBFFA6F5-B4B1-41D1-9421-BFEDB8617FCB}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{EEEADD45-7351-4CCA-857D-7C67C4040F5E}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{FC7730A6-D2D1-49BB-8875-27DF686B8EE3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}" = SpyHunter
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5CF5995-5E0B-967D-3FC5-325089795937}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9F4430E-80DE-EC0F-BF8E-476352C8F954}" = ATI Catalyst Install Manager
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"A-WIN-Extras 8.0.3 2427702_is1" = Mathematica Extras 8.0 (2427702)
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09F46E3D-EAFB-9390-B6D9-F6DAA73B3ECB}" = CCC Help Finnish
"{0A172278-5048-3BDA-D318-974ED0AA0B95}" = CCC Help Greek
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2536F0-8E7A-340F-9031-1AA60BEFBFD8}" = Catalyst Control Center Graphics Full Existing
"{0D526570-6B8F-3CE9-04DB-16FD2E68FCBE}" = CCC Help Danish
"{0E6CE44A-EE07-1C20-72C8-9A24CA2ED2CB}" = Catalyst Control Center HydraVision Full
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{113F4E2E-416A-33BD-D2A6-39C58AB6ACAC}" = CCC Help Korean
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1688104B-0261-42FC-D796-CB97EA5159A4}" = CCC Help Thai
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18812D65-95DB-5482-4CAC-3B3B5E5446B0}" = CCC Help Italian
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D5B3A03-17FD-EC8F-755B-6164ABFF450A}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{223CCCD3-2217-9AA1-98F0-2879733549D0}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}" = Vz In Home Agent
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{394F1B21-1FA4-DDE1-C00B-0A3EEA1A94D1}" = ccc-core-static
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40965CEA-43EE-B8D7-09AB-705B5E2A2521}" = CCC Help Hungarian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4680D4CC-5220-6AAF-54D3-C1E75C90A69A}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F11AE1B-452A-2A9B-250D-EDB725E39199}" = CCC Help Russian
"{4F9B4C70-F223-B34B-C7D3-55FC1D2BAD2E}" = CCC Help Chinese Standard
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5906DAFF-9370-2B54-D483-343ABB9BE748}" = Catalyst Control Center Graphics Light
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{659F8F13-E8C5-C4B8-85E7-1D3912C06929}" = Catalyst Control Center Localization All
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C6B8B89-AC64-4B04-DBE1-992B80C83F1A}" = CCC Help Japanese
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B9D9DC4-EDB9-3181-4D1B-E47C34609E0C}" = CCC Help Portuguese
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8966B8B5-D87A-E689-B370-E79B7691299C}" = Catalyst Control Center Core Implementation
"{89EA759B-B9C8-6CB5-6BF2-248961E68809}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931E11B0-1ACE-438D-90AF-E5D8C64880EF}" = Catalyst Control Center - Branding
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C23A506-3E8B-B91C-4F9B-040518EC792D}" = CCC Help Norwegian
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D54290B-CD49-4B36-2EF2-7597FD0D683F}" = CCC Help Swedish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{9E23819E-8AF4-4D25-A7FE-7756C9E3DBB9}" = LeapFrog Connect
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A6F42664-73EC-25B0-F3A9-D8CCE53CFB25}" = Catalyst Control Center Graphics Previews Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C0BB1A-1546-44D6-1BE0-FB0F84364787}" = HydraVision
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B07E4A53-C39E-9BEB-9716-1953F0EE2953}" = CCC Help French
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B439A476-119C-13A9-6FB8-B2B2D566CF63}" = CCC Help Spanish
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C3DF1C57-780A-DB9C-F30A-68EB45526761}" = Catalyst Control Center InstallProxy
"{C54BBB47-5D1A-5C82-614E-0D75C1AD92B5}" = Catalyst Control Center Graphics Previews Vista
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C725937A-C6B3-0D07-A765-029FB1FD66B6}" = CCC Help Chinese Traditional
"{C744D147-A439-4684-B9BD-E0A5B60AA792}" = LeapFrog Leapster2 Plugin
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D228187B-0D49-44C6-DEA8-64F180D14DB9}" = CCC Help Polish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D74B4F5A-28CB-33E4-AFC2-412B8227C582}" = CCC Help Dutch
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5492B8D-B6DB-C3D2-8309-1B6A766CAF85}" = Catalyst Control Center Graphics Full New
"{F54E5D65-CB60-4A31-A71B-BCFB0FA0076D}" = Verizon Download Manager
"{F5F38D48-5AF3-EEEC-7E0C-25D516D1DC74}" = CCC Help Czech
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_7" = AIM 7
"alotAppbar" = ALOT Appbar
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Desura" = Desura
"DragonNest" = DragonNest
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"M-WIN-D 8.0.3 2427703_is1" = Wolfram CDF Player (M-WIN-D 8.0.3 2427703)
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OnLive" = OnLive
"Proun" = Proun
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"Rybka 3 Aquarium Demo_is1" = Rybka 3 Aquarium Demo
"StarCraft II" = StarCraft II
"Steam App 12900" = Audiosurf
"Steam App 18700" = And Yet It Moves
"Steam App 200010" = Quantum Conundrum
"Steam App 205700" = Quantum Conundrum Demo
"Steam App 205790" = Dota 2 Test
"Steam App 218230" = PlanetSide 2
"Steam App 23490" = Tropico 3 - Steam Special Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 26800" = Braid
"Steam App 31270" = Puzzle Agent
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 35700" = Trine
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 57310" = Amnesia: The Dark Descent Demo
"Steam App 58200" = Jolly Rover
"Steam App 630" = Alien Swarm
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8980" = Borderlands
"Steam App 9500" = Gish
"Tarrasch Chess GUI_is1" = Tarrasch Chess GUI V1.00a
"TeamViewer 6" = TeamViewer 6
"UPCShell" = LeapFrog Connect
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"Vindictus" = Vindictus
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"NCsoft-Aion" = Aion
"Octoshape Streaming Services" = Octoshape Streaming Services
"Power Loader" = Power Challenge Game Plugin
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 1/10/2013 4:39:41 AM | Computer Name = Renato-PC | Source = .NET Runtime | ID = 1023
Description =

[ Hewlett-Packard Events ]
Error - 7/7/2011 9:28:32 PM | Computer Name = Renato-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071107092828.xml
File not created by asset agent

Error - 11/13/2011 9:22:15 AM | Computer Name = Renato-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8183 Ram Utilization: 20 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 12/13/2011 7:13:29 AM | Computer Name = Renato-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 3/12/2012 1:00:45 AM | Computer Name = Renato-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 3/15/2012 3:27:56 PM | Computer Name = Renato-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 3/29/2012 3:36:37 PM | Computer Name = Renato-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 5/10/2012 9:44:44 AM | Computer Name = Renato-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8183 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 9/5/2012 9:35:08 PM | Computer Name = Renato-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8183 Ram
Utilization: 10 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 9/6/2012 8:22:29 PM | Computer Name = Renato-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8183 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 9/6/2012 8:57:44 PM | Computer Name = Renato-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8183 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ System Events ]
Error - 1/15/2013 9:16:13 PM | Computer Name = Renato-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:13:53 PM on ?1/?15/?2013 was unexpected.

Error - 1/18/2013 4:53:58 PM | Computer Name = Renato-PC | Source = DCOM | ID = 10010
Description =

Error - 1/18/2013 5:02:17 PM | Computer Name = Renato-PC | Source = DCOM | ID = 10010
Description =

Error - 1/18/2013 5:09:33 PM | Computer Name = Renato-PC | Source = Service Control Manager | ID = 7022
Description = The Function Discovery Provider Host service hung on starting.

Error - 1/18/2013 5:09:34 PM | Computer Name = Renato-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1070

Error - 1/18/2013 5:10:32 PM | Computer Name = Renato-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 1/18/2013 5:10:32 PM | Computer Name = Renato-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 1/18/2013 5:10:47 PM | Computer Name = Renato-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 1/18/2013 5:11:17 PM | Computer Name = Renato-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 1/18/2013 6:19:56 PM | Computer Name = Renato-PC | Source = Microsoft Antimalware | ID = 1012
Description = %%860 has encountered an error trying to delete an item from quarantine.

For
more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Reveton!lnk&threatid=2147660162

Name:
Trojan:Win32/Reveton!lnk ID: 2147660162 Severity: Severe Category: Trojan Path: startup:_C:\Users\Renato\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\runctf.lnk;file:_C:\Users\Renato\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\runctf.lnk User: Renato-PC\Renato Error Code: 0x8050800c Error
description: An unexpected problem occurred. Install any available updates, and
then try to start the program again. For information on installing updates, see
Help and Support. Signature Version: AV: 1.143.265.0, AS: 1.143.265.0 Engine Version:
1.1.9103.0


< End of report >
  • 0

#3
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
This virus is restricting me freedom to do anything really.

I really need help :(
  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I am currently reviewing your logs and will post some instructions soon.
  • 0

#5
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Thank you, Buddierdl. I really like this forum and the work that you guys do really do is thankless.

There is also a huge level of trust in the forum as well, since you guys pretty much have the freedom to destroy our computers if there was an untrusted mod in the community.



Thank you for taking your time once again.
  • 0

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Ren12,

I noticed that you posted your topic twice in the forum. Please don't double post as it only wastes our time.

Step 1: Run OTL fix. Please move OTL to your desktop before you run it.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    [1832/11/28 23:37:17 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Renato\AppData\Roaming\Mozilla\Firefox\Profiles\04uebt4x.default\extensions\[email protected]
    
    [2012/12/26 20:24:22 | 000,002,914 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
    [2012/12/26 20:24:35 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
    
    [2012/09/08 18:11:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\to3ATAR.dat
    [2012/09/08 18:10:55 | 000,000,001 | ---- | C] () -- C:\ProgramData\0351oFMj.exe_.b
    
    [2011/09/24 07:42:27 | 000,000,720 | ---- | M] ()(C:\Users\Renato\AppData\Local\PMB Fik?s) -- C:\Users\Renato\AppData\Local\PMB Fik聥s
    [2011/09/24 07:42:05 | 000,000,720 | ---- | C] ()(C:\Users\Renato\AppData\Local\PMB Fik?s) -- C:\Users\Renato\AppData\Local\PMB Fik聥s
    
    :Commands
    [resethosts]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

Step 2: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 3: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Things I need in your next reply:
  • OTL fix log
  • adwCleaner log
  • aswMBR log
  • How is your computer running now? Any more redirects? Has the malware hidden any of your files?

  • 0

#7
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Renato\AppData\Roaming\Mozilla\Firefox\Profiles\04uebt4x.default\extensions\[email protected] moved successfully.
File C:\ProgramData\dsgsdgdsgdsgw.js not found.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\ProgramData\to3ATAR.dat moved successfully.
C:\ProgramData\0351oFMj.exe_.b moved successfully.
C:\Users\Renato\AppData\Local\PMB Fik聥s moved successfully.
File C:\Users\Renato\AppData\Local\PMB Fik聥s not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01192013_114520



Sorry about the duplicate.

Will post the next ones shortly.
  • 0

#8
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
# AdwCleaner v2.106 - Logfile created 01/19/2013 at 11:50:21
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Renato - RENATO-PC
# Boot Mode : Normal
# Running from : C:\Users\Renato\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Renato\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Renato\AppData\Roaming\Mozilla\Firefox\Profiles\04uebt4x.default\prefs.js

[OK] File is clean.



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-19 12:03:49
-----------------------------
12:03:49.311 OS Version: Windows x64 6.1.7601 Service Pack 1
12:03:49.312 Number of processors: 4 586 0x403
12:03:49.314 ComputerName: RENATO-PC UserName: Renato
12:03:55.318 Initialize success
12:04:02.872 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
12:04:02.878 Disk 0 Vendor: WDC_____ 01.0 Size: 953674MB BusType: 8
12:04:02.938 Disk 0 MBR read successfully
12:04:02.943 Disk 0 MBR scan
12:04:02.948 Disk 0 unknown MBR code
12:04:02.971 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:04:02.997 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941737 MB offset 206848
12:04:03.038 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11835 MB offset 1928884224
12:04:03.142 Disk 0 scanning C:\Windows\system32\drivers
12:04:21.147 Service scanning
12:04:44.060 Modules scanning
12:04:44.076 Disk 0 trace - called modules:
12:04:44.106 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
12:04:44.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082c7060]
12:04:44.129 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa80075129c0]
12:04:44.141 Scan finished successfully
12:05:45.960 Disk 0 MBR has been saved successfully to "C:\Users\Renato\Desktop\MBR.dat"
12:05:46.173 The log file has been saved successfully to "C:\Users\Renato\Desktop\aswMBR.txt"










Looks like I can play youtube videos now and whatnot. So definitely in the state it was yesterday. No redirects so far either but I might have to try some more just to make sure.

One more note. MY hitmanpro anti-virus even though it has expired is telling me. Hosts : c/windows/system32/drivers/etc it says host has been compromised. Host file contains Byte order mark (BOM) obfuscation

Edited by Ren12, 21 January 2013 - 07:05 PM.

  • 0

#9
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Okay, so there is one problem.

I can't seem to play any kind of game that I have besides this one game.

When I open it crashes everything including my skype and then I can't play youtube videos like before.

Weirdest thing ever.

It may or may not be related to the redirect virus.
  • 0

#10
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
I FOUND THE PROBLEm. Apparently it's a java virus which explains why it's destroying everyhting including my games and browser and skype.

my Microsoft essentials is saying the virus is : Exploit:java/CVE-2012-4861.AIN


Omg I hope this helps.
  • 0

Advertisements


#11
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Ren12,

One more note. MY hitmanpro anti-virus even thought it has expried is telling me. Hosts : c/windows/system32/drivers/etc it says host has been compromised. Host file contains Byte order mark (BOM) obfuscation


Thank you for the info. However, I would strongly recommend uninstalling Hitman Pro. There are better programs to protect your computer and this one can end up severely damaging your computer.

I FOUND THE PROBLEm. Apparently it's a java virus which explains why it's destroying everyhting including my games and browser and skype.

my Microsoft essentials is saying the virus is : Exploit:java/CVE-2012-4861.AIN


We'll take care of this below. Please be sure to let me know if this still happens after the fixes. Also, is the game you mention an online game?

Step 1: Run UnHide.

Please download the program here. Double-click it and let it run. Please include the log that it creates on your desktop in your next reply.

Step 2: Run OTL fix. Before you run this fix, please verify that none of your files are missing. This will empty the temp folders on your computer. Some malware hides your files in the temp directories and they would be deleted. Please don't run this fix and let me know if you find files missing.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

Step 3: Run RogueKiller.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

Posted Image

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 4: Upload file to VirusTotal.

Please go to Virus Total and upload the file "MBR.dat" file that should be located on your desktop. Press "Scan It" and then send me a link to the results page.

Step 5: Run MiniToolbox.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Things I need in your next reply:
  • UnHide log
  • OTL fix log
  • RogueKiller logs
  • VirusTotal link
  • MiniToolbox log
  • Describe the current symptoms of your computer.

  • 0

#12
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
I figured that much that I should uninstall hitmanpro. I already uninstalled because it looked too suspicious.

Yes, the game is starcraft 2 and it's an online game. However, it doesn't happen on one specific game (league of legends) and I don't know why. But once everything crashes nothing works. I'd have to restart for my browser to work on youtube videos and for my skype to work (right now my browser is fine).

But I think if I were to open the game again it would crash everything once again.



Will post everything else shortly.
  • 0

#13
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html

Program started at: 01/21/2013 07:48:42 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 509927 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 9063 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.

Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.

The C:\Users\Renato\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingc...opic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 01/21/2013 08:15:01 PM
Execution time: 0 hours(s), 26 minute(s), and 19 seconds(s)







NOthing seems to be missing but the documents section of my folder seems to have music and my videos folders that I can't acess when I click them. I can still acess my music and my videos on my real folder but there seems to be folders that I didn't previously have on my documents section.

Should I still run otl fix?


edit:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Renato
->Temp folder emptied: 1191847847 bytes
->Temporary Internet Files folder emptied: 17199920 bytes
->Java cache emptied: 832176 bytes
->FireFox cache emptied: 461629905 bytes
->Google Chrome cache emptied: 217965888 bytes
->Flash cache emptied: 16106 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 190389 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95673826 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 2215569 bytes

Total Files Cleaned = 1,896.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01212013_204805

Files\Folders moved on Reboot...
C:\Users\Renato\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!
File\Folder C:\Windows\temp\logishrd\LVPrcInj04.dll not found!
File\Folder C:\Windows\temp\hsperfdata_RENATO-PC$\1904 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

------

I also have spyhunter. Should I also uninstall that as well?

Edited by Ren12, 21 January 2013 - 08:19 PM.

  • 0

#14
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
RogueKiller V8.4.3 _x64_ [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Renato [Admin rights]
Mode : Scan -- Date : 01/21/2013 21:23:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65M2B1 SCSI Disk Device +++++
--- User ---
[MBR] 9660885905bb9492b82c2db67e04fe7e
[BSP] 4caa3ec75e3a1959d4e26684c9e9d5a6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928884224 | Size: 11835 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01212013_02d2123.txt >>
RKreport[1]_S_01212013_02d2123.txt



RogueKiller V8.4.3 _x64_ [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Renato [Admin rights]
Mode : Remove -- Date : 01/21/2013 21:24:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65M2B1 SCSI Disk Device +++++
--- User ---
[MBR] 9660885905bb9492b82c2db67e04fe7e
[BSP] 4caa3ec75e3a1959d4e26684c9e9d5a6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928884224 | Size: 11835 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_01212013_02d2124.txt >>
RKreport[1]_S_01212013_02d2123.txt ; RKreport[2]_D_01212013_02d2124.txt



RogueKiller V8.4.3 _x64_ [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Renato [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/21/2013 21:29:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 224 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 44 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 25 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_01212013_02d2129.txt >>
RKreport[1]_S_01212013_02d2123.txt ; RKreport[2]_D_01212013_02d2124.txt ; RKreport[3]_SC_01212013_02d2129.txt



https://www.virustot...sis/1358821947/




MiniToolBox by Farbar Version:10-01-2013
Ran by Renato (administrator) on 21-01-2013 at 21:36:16
Running from "C:\Users\Renato\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Atheros 802.11 a/b/g/n Dualband Wireless Network Module = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Renato-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-26-82-5C-9A-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Physical Address. . . . . . . . . : 00-26-82-5C-9A-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::913e:b70a:e1a6:cf8b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 21, 2013 8:52:31 PM
Lease Expires . . . . . . . . . . : Tuesday, January 22, 2013 9:17:00 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201336450
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-5E-3E-A2-78-E7-D1-88-52-4C
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 78-E7-D1-88-52-4C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6915:338c:3530:5676%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 21, 2013 8:52:28 PM
Lease Expires . . . . . . . . . . : Tuesday, January 22, 2013 9:17:03 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 236497157
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-5E-3E-A2-78-E7-D1-88-52-4C
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{46F3250E-34B9-4FFE-902F-1D9A4B7FEEE3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:861:11e6:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::861:11e6:3f57:fefd%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:800::1002
74.125.228.7
74.125.228.5
74.125.228.8
74.125.228.14
74.125.228.4
74.125.228.0
74.125.228.9
74.125.228.3
74.125.228.1
74.125.228.6
74.125.228.2


Pinging google.com [74.125.228.5] with 32 bytes of data:
Reply from 74.125.228.5: bytes=32 time=20ms TTL=252
Reply from 74.125.228.5: bytes=32 time=14ms TTL=252

Ping statistics for 74.125.228.5:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 20ms, Average = 17ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=114ms TTL=250
Reply from 98.138.253.109: bytes=32 time=126ms TTL=250

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 114ms, Maximum = 126ms, Average = 120ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...06 26 82 5c 9a 57 ......Microsoft Virtual WiFi Miniport Adapter
11...00 26 82 5c 9a 57 ......Atheros 802.11 a/b/g/n Dualband Wireless Network Module
10...78 e7 d1 88 52 4c ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.0 255.255.255.0 On-link 192.168.1.3 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 192.168.1.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 192.168.1.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:9d38:6ab8:861:11e6:3f57:fefd/128
On-link
10 276 fe80::/64 On-link
11 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::861:11e6:3f57:fefd/128
On-link
10 276 fe80::6915:338c:3530:5676/128
On-link
11 281 fe80::913e:b70a:e1a6:cf8b/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
10 276 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/21/2013 00:12:47 AM) (Source: Application Hang) (User: )
Description: The program LolClient.exe version 2.0.2.12610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bdc

Start Time: 01cdf795c7aad746

Termination Time: 8

Application Path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.232\deploy\LolClient.exe

Report Id: 2fb14820-6389-11e2-9efb-78e7d188524c

Error: (01/20/2013 11:29:09 PM) (Source: Application Hang) (User: )
Description: The program SndVol.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b0c

Start Time: 01cdf78f9d4df2fe

Termination Time: 7

Application Path: C:\Windows\system32\SndVol.exe

Report Id: 177e777e-6383-11e2-9efb-78e7d188524c

Error: (01/20/2013 10:43:48 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 6.0.0.120 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bc0

Start Time: 01cdf77f1572563e

Termination Time: 15

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: c14b4704-637c-11e2-ad10-78e7d188524c

Error: (01/20/2013 10:41:15 PM) (Source: Application Hang) (User: )
Description: The program SC2.exe version 1.5.4.24540 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1490

Start Time: 01cdf788cc77df9c

Termination Time: 47

Application Path: C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe

Report Id:

Error: (01/19/2013 11:39:49 AM) (Source: Google Update) (User: Renato-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (01/19/2013 01:24:12 AM) (Source: Google Update) (User: Renato-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (01/18/2013 10:45:34 PM) (Source: Application Hang) (User: )
Description: The program LolClient.exe version 2.0.2.12610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1840

Start Time: 01cdf5f751bedf2e

Termination Time: 7

Application Path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.232\deploy\LolClient.exe

Report Id: ab64fcc5-61ea-11e2-8a98-78e7d188524c

Error: (01/18/2013 09:23:39 PM) (Source: Application Hang) (User: )
Description: The program spotify.exe version 0.8.5.1333 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17d0

Start Time: 01cdf5e7cbf51698

Termination Time: 18

Application Path: C:\Users\Renato\AppData\Roaming\Spotify\spotify.exe

Report Id: eebd0afc-61de-11e2-8a98-78e7d188524c

Error: (01/18/2013 06:23:54 PM) (Source: Application Hang) (User: )
Description: The program LolClient.exe version 2.0.2.12610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10a4

Start Time: 01cdf5d229aa6fdd

Termination Time: 12

Application Path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.232\deploy\LolClient.exe

Report Id: 1d6a22b6-61c6-11e2-8a98-78e7d188524c

Error: (01/18/2013 06:18:23 PM) (Source: Application Hang) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9e0

Start Time: 01cdf5d21655ba87

Termination Time: 4

Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Report Id: 58dbb4ae-61c5-11e2-8a98-78e7d188524c


System errors:
=============
Error: (01/21/2013 08:51:05 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/21/2013 08:48:05 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/21/2013 07:39:23 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%109

Error: (01/21/2013 07:39:23 PM) (Source: DCOM) (User: )
Description: 109gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/20/2013 11:15:59 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x8007041d

Error description: The service did not respond to the start or control request in a timely fashion.

Reason: %%892

Error: (01/20/2013 11:15:57 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error:
%%1053

Error: (01/20/2013 11:15:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.

Error: (01/20/2013 11:15:15 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service hung on starting.

Error: (01/20/2013 11:12:01 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:09:26 PM on ?1/?20/?2013 was unexpected.

Error: (01/19/2013 04:39:09 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (01/21/2013 00:12:47 AM) (Source: Application Hang)(User: )
Description: LolClient.exe2.0.2.126101bdc01cdf795c7aad7468C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.232\deploy\LolClient.exe2fb14820-6389-11e2-9efb-78e7d188524c

Error: (01/20/2013 11:29:09 PM) (Source: Application Hang)(User: )
Description: SndVol.exe6.1.7601.175141b0c01cdf78f9d4df2fe7C:\Windows\system32\SndVol.exe177e777e-6383-11e2-9efb-78e7d188524c

Error: (01/20/2013 10:43:48 PM) (Source: Application Hang)(User: )
Description: Skype.exe6.0.0.1201bc001cdf77f1572563e15C:\Program Files (x86)\Skype\Phone\Skype.exec14b4704-637c-11e2-ad10-78e7d188524c

Error: (01/20/2013 10:41:15 PM) (Source: Application Hang)(User: )
Description: SC2.exe1.5.4.24540149001cdf788cc77df9c47C:\Program Files (x86)\StarCraft II\Versions\Base23260\SC2.exe

Error: (01/19/2013 11:39:49 AM) (Source: Google Update)(User: Renato-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (01/19/2013 01:24:12 AM) (Source: Google Update)(User: Renato-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (01/18/2013 10:45:34 PM) (Source: Application Hang)(User: )
Description: LolClient.exe2.0.2.12610184001cdf5f751bedf2e7C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.232\deploy\LolClient.exeab64fcc5-61ea-11e2-8a98-78e7d188524c

Error: (01/18/2013 09:23:39 PM) (Source: Application Hang)(User: )
Description: spotify.exe0.8.5.133317d001cdf5e7cbf5169818C:\Users\Renato\AppData\Roaming\Spotify\spotify.exeeebd0afc-61de-11e2-8a98-78e7d188524c

Error: (01/18/2013 06:23:54 PM) (Source: Application Hang)(User: )
Description: LolClient.exe2.0.2.1261010a401cdf5d229aa6fdd12C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.232\deploy\LolClient.exe1d6a22b6-61c6-11e2-8a98-78e7d188524c

Error: (01/18/2013 06:18:23 PM) (Source: Application Hang)(User: )
Description: rads_user_kernel.exe0.0.0.09e001cdf5d21655ba874C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe58dbb4ae-61c5-11e2-8a98-78e7d188524c


CodeIntegrity Errors:
===================================
Date: 2012-08-05 21:50:27.340
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-05 21:50:27.183
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-31 16:05:16.340
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-31 16:05:16.258
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
AIM 7
Aion
Alien Swarm
ALOT Appbar
AMD USB Filter Driver (Version: 1.0.11.86)
Amnesia: The Dark Descent Demo
And Yet It Moves
ATI Catalyst Install Manager (Version: 3.0.765.0)
Audiosurf
Bandisoft MPEG-1 Decoder
Borderlands
Braid
Call of Duty: Black Ops - Multiplayer
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full Existing (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full New (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Light (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Common (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0310.1824.32984)
Catalyst Control Center HydraVision Full (Version: 2010.0310.1824.32984)
Catalyst Control Center InstallProxy (Version: 2009.1201.2247.40849)
Catalyst Control Center InstallProxy (Version: 2010.0310.1824.32984)
Catalyst Control Center Localization All (Version: 2010.0310.1824.32984)
ccc-core-static (Version: 2010.0310.1824.32984)
ccc-utility64 (Version: 2010.0310.1824.32984)
CCC Help Chinese Standard (Version: 2010.0310.1823.32984)
CCC Help Chinese Traditional (Version: 2010.0310.1823.32984)
CCC Help Czech (Version: 2010.0310.1823.32984)
CCC Help Danish (Version: 2010.0310.1823.32984)
CCC Help Dutch (Version: 2010.0310.1823.32984)
CCC Help English (Version: 2010.0310.1823.32984)
CCC Help Finnish (Version: 2010.0310.1823.32984)
CCC Help French (Version: 2010.0310.1823.32984)
CCC Help German (Version: 2010.0310.1823.32984)
CCC Help Greek (Version: 2010.0310.1823.32984)
CCC Help Hungarian (Version: 2010.0310.1823.32984)
CCC Help Italian (Version: 2010.0310.1823.32984)
CCC Help Japanese (Version: 2010.0310.1823.32984)
CCC Help Korean (Version: 2010.0310.1823.32984)
CCC Help Norwegian (Version: 2010.0310.1823.32984)
CCC Help Polish (Version: 2010.0310.1823.32984)
CCC Help Portuguese (Version: 2010.0310.1823.32984)
CCC Help Russian (Version: 2010.0310.1823.32984)
CCC Help Spanish (Version: 2010.0310.1823.32984)
CCC Help Swedish (Version: 2010.0310.1823.32984)
CCC Help Thai (Version: 2010.0310.1823.32984)
CCC Help Turkish (Version: 2010.0310.1823.32984)
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Counter-Strike: Global Offensive
Counter-Strike: Source
CyberLink DVD Suite Deluxe (Version: 7.0.2115)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Desura (Version: 100.53)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
Dota 2 Test
DragonNest
DVD Menu Pack for HP MediaSmart Video (Version: 3.1.3224)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Gish
Google Chrome (Version: 24.0.1312.52)
Google Update Helper (Version: 1.3.21.123)
Guild Wars 2
Hardware Diagnostic Tools (Version: 6.0.5247.34)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HP Advisor (Version: 3.3.9512.3162)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Games (Version: 1.0.0.71)
HP MediaSmart Demo (Version: 1.00.0000)
HP MediaSmart DVD (Version: 3.1.3317)
HP MediaSmart Music/Photo/Video (Version: 3.1.3601)
HP MediaSmart SmartMenu (Version: 3.1.0.1)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.2.0)
HP Odometer (Version: 2.10.0000)
HP Product Detection (Version: 11.14.0001)
HP Remote Solution (Version: 1.1.11.0)
HP Setup (Version: 1.2.3560.3170)
HP Support Assistant (Version: 7.0.39.15)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.003.001.001)
Hulu Desktop (Version: 0.9.9)
HydraVision (Version: 4.2.162.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Jolly Rover
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.2017)
League of Legends (Version: 1.3)
LeapFrog Connect (Version: 3.0.24.12179)
LeapFrog Leapster2 Plugin (Version: 3.0.24.12378)
Left 4 Dead 2
LightScribe System Software (Version: 1.18.8.1)
LIMBO
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 12.10.1113)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mathematica Extras 8.0 (2427702) (Version: 8.0.3)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Live Search Toolbar (Version: 3.0.566.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 60 day trial
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Movie Theme Pack for HP MediaSmart Video (Version: 3.1.3310)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NCsoft Launcher (Version: 1.5.4.2)
Nexon Game Manager
Norton Online Backup (Version: 1.2.20.0)
NVIDIA PhysX (Version: 9.10.0513)
Octoshape Streaming Services
OnLive
OpenOffice.org 3.1 (Version: 3.1.9399)
Pando Media Booster (Version: 2.6.0.7)
PictureMover (Version: 3.3.1.19)
PlanetSide 2
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power Challenge Game Plugin
Power2Go (Version: 6.0.3304)
PowerDirector (Version: 7.0.3503)
Proun
Puzzle Agent
Quantum Conundrum
Quantum Conundrum Demo
RAIDXpert (Version: 3.2.1540.5)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Recettear: An Item Shop's Tale
Recovery Manager (Version: 5.5.2216)
Rybka 3 Aquarium Demo
Skype™ 6.0 (Version: 6.0.120)
Spotify (Version: 0.8.5.1333.g822e0de8)
SpyHunter (Version: 4.11.10.4138)
Star Wars: Knights of the Old Republic
StarCraft II (Version: 1.5.4.24540)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 5.0.6.0)
Tarrasch Chess GUI V1.00a
Team Fortress 2
TeamViewer 8 (Version: 8.0.16642)
Tribes Ascend Open Beta (Version: 1.0.942.1)
Trine
Tropico 3 - Steam Special Edition
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Ventrilo Client (Version: 3.0.7)
Verizon Download Manager (Version: 1.0.0)
Verizon FiOS Activation
Verizon Help and Support Tool
Verizon Servicepoint 3.7.44 (Version: 3.7.44)
Vindictus
Vz In Home Agent (Version: 7.08.22)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.07.1407.00)
Wolfram CDF Player (M-WIN-D 8.0.3 2427703) (Version: 8.0.3)
Yahoo! Detect
Zune (Version: 04.07.1404.00)
Zune Language Pack (DEU) (Version: 04.07.1404.00)
Zune Language Pack (ESP) (Version: 04.07.1404.00)
Zune Language Pack (FRA) (Version: 04.07.1404.00)
Zune Language Pack (ITA) (Version: 04.07.1404.00)
Zune Language Pack (NLD) (Version: 04.07.1404.00)
Zune Language Pack (PTB) (Version: 04.07.1404.00)
Zune Language Pack (PTG) (Version: 04.07.1404.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 8183.89 MB
Available physical RAM: 6201.68 MB
Total Pagefile: 16365.97 MB
Available Pagefile: 13016.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.32 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:919.67 GB) (Free:688.43 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.56 GB) (Free:1.58 GB) NTFS

========================= Users: ========================================

User accounts for \\RENATO-PC

Administrator Guest Renato

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Edited by Ren12, 21 January 2013 - 08:37 PM.

  • 0

#15
Ren12

Ren12

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Why is there a folder with my name and a folder with everything on my hardrive on my desktop even though I didn't put them there.


That's really creeping me out.


Another weird thing. On my music folder I have stuff I have never put there. They are all pictures related to the bands I listen to but they were never in my music folder before. Idk why they are there.

Edited by Ren12, 21 January 2013 - 10:55 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP