Malware problem persists after Malwarebytes [Solved]


#1 chickenlilcurry (New Member, 5 posts)

The problem began on Saturday morning. I noticed it because it would give me random errors in working applications such as Skype. I installed aswMBR and it didn't find anything; then I tried the TDSS rootkit removal tool, with no luck. Then I decided to download Malwarebytes, but my browser (Chrome) wouldn't let me go to the site. I got my friend to download it and send it through Skype, ran it in safe mode with networking enabled, and it found nothing. I started my computer again and the problem persisted. I tried out RKill and it found 5 to terminate:
* C:\Users\PAULOB~1\AppData\Local\Temp\micinafi.exe (PID: 5516) [SUP-HEUR]
* C:\Users\Paulo Baylon\AppData\Roaming\dfigjdfgd.exe (PID: 4192) [UP-HEUR]
* C:\Users\Paulo Baylon\AppData\Roaming\dfigjdfgd.exe (PID: 3336) [UP-HEUR]
* C:\Users\Paulo Baylon\AppData\Roaming\dfigjdfgd.exe (PID: 4484) [UP-HEUR]
* C:\Users\Paulo Baylon\AppData\Roaming\dfigjdfgd.exe (PID: 5236) [UP-HEUR]

After that I could go to the Malwarebytes website and run Malwarebytes. I did a full scan and it found nothing. I restarted, but the problems came back. Also, every time these processes appeared, Microsoft Security Essentials would find a risk but fix it. It found:

TrojanDownloader:HTML/Adodb.gen!A

Also, a weird readme.exe file would show up on my Western Digital My Book 3 TB NAS.

That's when I came to this forum.

OTL logfile created on: 2/19/2013 4:09:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paulo Baylon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.03 Gb Available Physical Memory | 81.51% Memory free
31.96 Gb Paging File | 28.65 Gb Available in Paging File | 89.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 97.12 Gb Free Space | 32.59% Space Free | Partition Type: NTFS

Computer Name: PAULOBAYLON-PC | User Name: Paulo Baylon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/19 04:06:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paulo Baylon\Downloads\OTL.exe
PRC - [2013/02/17 00:11:16 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
PRC - [2013/02/15 13:08:24 | 001,597,864 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/02/13 21:05:44 | 000,523,264 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2013/01/20 10:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Paulo Baylon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/26 02:41:45 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/11/26 00:05:54 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Paulo Baylon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/11/15 23:03:56 | 000,336,304 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/10/17 01:21:02 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Paulo Baylon\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/30 07:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/07/18 18:52:16 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/04/14 11:52:41 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/17 00:11:17 | 000,671,744 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
MOD - [2013/02/17 00:11:17 | 000,546,205 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
MOD - [2013/02/17 00:11:17 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
MOD - [2013/02/17 00:11:17 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
MOD - [2013/02/17 00:11:17 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
MOD - [2013/02/17 00:11:17 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
MOD - [2013/02/17 00:11:17 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
MOD - [2013/02/17 00:11:17 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
MOD - [2013/02/17 00:11:17 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
MOD - [2013/02/17 00:11:17 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
MOD - [2013/02/17 00:11:17 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
MOD - [2013/02/17 00:11:17 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
MOD - [2013/02/17 00:11:17 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
MOD - [2013/02/17 00:11:17 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
MOD - [2013/02/17 00:11:17 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
MOD - [2013/02/17 00:11:17 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\select.pyd
MOD - [2013/02/17 00:11:16 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
MOD - [2013/02/17 00:11:16 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
MOD - [2013/02/17 00:11:16 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
MOD - [2013/02/17 00:11:16 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
MOD - [2013/02/17 00:11:16 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
MOD - [2013/02/17 00:11:16 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
MOD - [2013/02/17 00:11:16 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
MOD - [2013/02/17 00:11:16 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
MOD - [2013/02/17 00:11:16 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
MOD - [2013/02/15 13:08:20 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/02/14 21:26:09 | 012,638,576 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013/02/14 21:20:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/14 01:00:49 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/02/13 21:05:36 | 000,311,808 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2013/02/12 22:13:00 | 000,411,648 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Compression.dll
MOD - [2013/01/25 17:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/25 17:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/25 17:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/25 17:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/25 17:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/22 04:22:06 | 020,320,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/01/09 03:39:33 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll
MOD - [2013/01/09 03:38:15 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/09 03:36:26 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 03:36:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 03:35:58 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/09 03:35:43 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 03:35:42 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/09 03:35:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 03:35:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 03:35:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 03:35:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 03:35:20 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 03:22:59 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013/01/09 03:21:49 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/09 03:21:48 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 03:21:48 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/09 03:21:47 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll
MOD - [2013/01/09 03:21:33 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/09 03:13:12 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013/01/09 03:13:04 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013/01/09 03:12:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 03:12:57 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013/01/09 03:12:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 03:12:55 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 03:12:54 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 03:12:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/09 03:12:53 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 03:12:50 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/12/18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/17 01:21:02 | 000,553,800 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/29 19:18:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
MOD - [2012/06/29 19:18:04 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
MOD - [2012/06/29 19:17:48 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll
MOD - [2012/06/29 19:17:40 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll
MOD - [2012/06/29 19:17:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll
MOD - [2011/07/18 18:52:16 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/04/30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTTSH.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/01 10:02:12 | 000,311,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/13 16:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/08 02:43:47 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/01 09:22:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/26 02:41:45 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/12/03 06:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/11/14 04:44:28 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/12/09 13:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/30 07:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 12:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/10/24 17:18:26 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 05:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 05:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 06:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/02/29 21:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/20 20:34:59 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011/03/10 21:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 21:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 23:57:34 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2010/11/20 04:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/31 19:01:52 | 000,062,080 | ---- | M] (Etron Technology Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2010/10/31 19:01:51 | 000,038,144 | ---- | M] (Etron Technology Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/30 18:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/06/23 00:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/11 14:37:14 | 000,015,368 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/09 12:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 16:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 16:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 16:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 11:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 11:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 11:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 11:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/10/17 01:21:00 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 16:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{C8A5E106-48EF-402D-808C-915F8372389A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...24-002522a58b9a
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE BF F1 88 AE 0D CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{C8A5E106-48EF-402D-808C-915F8372389A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paulo Baylon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paulo Baylon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Paulo Baylon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/13 17:45:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/18 22:58:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/12 14:39:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/12 14:39:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/09/14 06:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paulo Baylon\AppData\Roaming\Mozilla\Extensions
[2013/02/18 22:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/01 09:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/01 09:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/01 09:22:13 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 12:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [] \ File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Paulo Baylon\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [epeluod.exe] C:\Users\Paulo Baylon\AppData\Roaming\epeluod.exe ()
O4 - HKCU..\Run: [ewabjad.exe] C:\Users\Paulo Baylon\AppData\Roaming\ewabjad.exe ()
O4 - HKCU..\Run: [Internal Configuration Serving State] C:\Users\Paulo Baylon\AppData\Roaming\dfigjdfgd.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Paulo Baylon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4 - Startup: C:\Users\Paulo Baylon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Paulo Baylon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Paulo Baylon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\Paulo Baylon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.72.0.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B967348D-2BD2-4021-914C-07889134ADD3}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C04F07ED-C054-4033-9AEC-8005ACD189D6}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 23:20:39 | 000,000,000 | ---D | C] -- C:\Users\Paulo Baylon\AppData\Roaming\Malwarebytes
[2013/02/18 23:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/18 23:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/18 23:20:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/18 23:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/18 23:03:41 | 000,000,000 | ---D | C] -- C:\Users\Paulo Baylon\AppData\Local\Macromedia
[2013/02/18 22:58:51 | 000,000,000 | ---D | C] -- C:\Users\Paulo Baylon\AppData\Local\Mozilla
[2013/02/18 22:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/17 14:08:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/17 13:59:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/17 13:48:49 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\40519441.sys
[2013/02/17 04:20:57 | 000,000,000 | ---D | C] -- C:\Users\Paulo Baylon\AppData\Roaming\{3AEFCEE3-0B67-486C-8137-D82AF1F7A66D}
[2013/02/14 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Paulo Baylon\Documents\League of Legends
[2013/02/09 15:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2013/02/09 15:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
[2013/02/09 15:03:55 | 000,000,000 | ---D | C] -- C:\Users\Paulo Baylon\AppData\Roaming\Downloaded Installations
[2013/02/09 12:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/09 12:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/09 12:18:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/01/25 22:08:25 | 000,000,000 | ---D | C] -- C:\Users\Paulo Baylon\Desktop\LOLPBE
[2013/01/20 20:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/19 03:52:56 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 03:52:56 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 03:51:15 | 000,000,015 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Roaming\mbam.context.scan
[2013/02/19 03:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/19 03:44:16 | 4281,356,286 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/19 03:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/19 03:39:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4037857326-2689323682-2828062814-1000UA.job
[2013/02/18 18:39:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4037857326-2689323682-2828062814-1000Core.job
[2013/02/18 18:36:20 | 000,792,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/18 18:36:20 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/18 18:36:20 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/17 13:48:49 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\40519441.sys
[2013/02/17 04:20:54 | 000,974,767 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Roaming\dfigjdfgd.exe
[2013/02/17 00:11:18 | 000,000,999 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk
[2013/02/14 21:17:36 | 000,297,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 23:05:02 | 000,001,957 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013/02/13 03:01:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/06 18:39:26 | 000,001,062 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/06 18:38:26 | 000,005,703 | ---- | M] () -- C:\Users\Paulo Baylon\AppData\Roaming\globler.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/18 23:42:34 | 000,000,015 | ---- | C] () -- C:\Users\Paulo Baylon\AppData\Roaming\mbam.context.scan
[2013/02/18 22:58:48 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/17 04:20:44 | 000,974,767 | ---- | C] () -- C:\Users\Paulo Baylon\AppData\Roaming\dfigjdfgd.exe
[2013/02/13 03:01:07 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/02/13 00:22:56 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2013/01/24 00:25:34 | 000,005,703 | ---- | C] () -- C:\Users\Paulo Baylon\AppData\Roaming\globler.exe
[2013/01/20 19:12:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013/01/12 22:14:54 | 031,150,159 | ---- | C] () -- C:\Users\Paulo Baylon\AppData\Roaming\ewabjad.exe
[2013/01/12 22:14:54 | 031,150,159 | ---- | C] () -- C:\Users\Paulo Baylon\AppData\Roaming\epeluod.exe
[2012/05/25 22:55:34 | 000,003,397 | ---- | C] () -- C:\Users\Paulo Baylon\unigine_20120525_2355.html
[2012/05/25 19:55:55 | 000,003,401 | ---- | C] () -- C:\Users\Paulo Baylon\unigine_20120525_2055.html
[2012/05/25 19:47:16 | 000,003,072 | ---- | C] () -- C:\Users\Paulo Baylon\AppData\Local\file__0.localstorage
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/07 05:12:08 | 000,000,100 | ---- | C] () -- C:\Users\Paulo Baylon\AppData\Local\fusioncache.dat
[2011/05/07 03:57:06 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/07 03:57:05 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/07 03:57:04 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/04/17 20:25:37 | 000,006,148 | -H-- | C] () -- C:\Users\Paulo Baylon\.DS_Store
[2011/04/06 03:50:22 | 411,458,185 | ---- | C] () -- C:\Users\Paulo Baylon\data.cab.004
[2011/04/06 03:50:22 | 1048,576,000 | ---- | C] () -- C:\Users\Paulo Baylon\data.cab.001
[2011/04/06 03:45:44 | 1048,576,000 | ---- | C] () -- C:\Users\Paulo Baylon\data.cab.003
[2011/04/06 03:37:18 | 1048,576,000 | ---- | C] () -- C:\Users\Paulo Baylon\data.cab.002
[2011/04/04 12:31:25 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/03/23 21:18:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/11 08:33:56 | 001,816,039 | ---- | C] () -- C:\Users\Paulo Baylon\ARGOSetup.exe

========== ZeroAccess Check ==========

[2009/07/13 19:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 20:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 16:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 16:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/24 20:13:02 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\.minecraft
[2011/04/15 07:13:48 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Braid
[2012/01/11 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\calibre
[2012/08/03 16:58:21 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Carbon
[2011/11/28 00:33:08 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Crayon Physics Deluxe
[2012/07/12 00:27:51 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\DAEMON Tools Lite
[2012/07/18 23:01:53 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Doublefine
[2013/02/09 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Downloaded Installations
[2013/02/19 04:12:15 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Dropbox
[2012/06/16 00:05:33 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Fatshark
[2012/10/10 21:43:51 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\HandBrake
[2011/02/03 18:30:37 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Hi-Rez Studios
[2012/07/16 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\KeePass
[2011/01/28 12:21:19 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\LolClient
[2012/05/23 19:31:31 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\LolClient2
[2012/04/25 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\mkvtoolnix
[2012/06/11 21:43:41 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\mm
[2012/01/12 16:40:59 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Origin
[2011/12/13 22:03:23 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Rainmeter
[2011/02/19 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\runic games
[2011/02/26 16:49:45 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\SC2MM
[2013/01/17 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Spotify
[2011/02/06 20:44:42 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Stardock
[2011/04/02 00:29:20 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\TeamViewer
[2011/02/22 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\The Creative Assembly
[2012/09/14 06:55:30 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Thunderbird
[2011/02/08 14:05:54 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\Unity
[2013/02/19 03:43:28 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\uTorrent
[2013/02/17 04:20:57 | 000,000,000 | ---D | M] -- C:\Users\Paulo Baylon\AppData\Roaming\{3AEFCEE3-0B67-486C-8137-D82AF1F7A66D}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Paulo Baylon\Documents\desktop.ini:gs5sys

< End of report >

OTL Extras logfile created on: 2/19/2013 4:09:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paulo Baylon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.03 Gb Available Physical Memory | 81.51% Memory free
31.96 Gb Paging File | 28.65 Gb Available in Paging File | 89.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 97.12 Gb Free Space | 32.59% Space Free | Partition Type: NTFS

Computer Name: PAULOBAYLON-PC | User Name: Paulo Baylon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00767C47-2CF1-4A88-86B6-AE6AA05FEDA6}" = rport=139 | protocol=6 | dir=out | app=system |
"{00D90FD8-E66B-4FF1-9571-9E78EF4AB03A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0256881C-B87E-4AE7-8326-CF7342027FCE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{051492F7-966D-43C2-8E03-DC2C7C016F3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0804A16E-FD8C-4CE6-88F3-9D3C6C6ED5E0}" = lport=137 | protocol=17 | dir=in | app=system |
"{13E0BFA4-0657-4843-A076-EA6047CCD556}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{148C246D-DE00-4818-A0EC-AFAC1A17664F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D51A0F8-E4E2-4D84-90F7-EBCF34DD5BB7}" = rport=137 | protocol=17 | dir=out | app=system |
"{1D69AC7D-33CA-41EA-B3FE-7C0B324B75B7}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{29888B3B-99F9-4404-8CBF-DF683EC0282F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A5BFBCE-FB4D-40D6-9DBE-30B73DA06FE9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FF602AE-D06D-49B1-9CE7-E895C8BA509A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3874E57B-6B57-4FCA-9513-532F301C4498}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{38C5B3E5-20B0-4A70-9412-9FCFE8FEBE86}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CA53620-E6D2-4DCB-96E8-A668C4F0E5E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DDEF0D5-F514-4105-80A5-CAE4CC99D118}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3F580B21-1A54-4668-BA76-4B40232F3A78}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42E7F9FE-098B-4168-B5E8-F39B271DE121}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44DCD514-A934-40D9-9093-8771CEDF0AB5}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DAF8292-C9D2-4030-A29E-2A2843D54985}" = lport=445 | protocol=6 | dir=in | app=system |
"{52700CE1-00C8-435A-B827-021B7DBA41DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52E62671-7B77-464A-B232-207FA0998810}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{57827124-8322-4E4A-8F42-DF5362D3EAAA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57C1D5E3-0F04-425A-B0F0-F6985B794FA6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5902C24A-C518-4AB9-B751-B70D1512EB0A}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{5B2B6A87-5373-4FA9-9CAC-66004383F7FC}" = rport=445 | protocol=6 | dir=out | app=system |
"{5EB971D3-1C12-40AF-9E09-F849E84E384E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{6EFB1BE7-0DDE-4A92-B443-4054AAA9F903}" = lport=138 | protocol=17 | dir=in | app=system |
"{706E0283-DA5B-4825-842F-11819023B083}" = lport=10244 | protocol=6 | dir=in | app=system |
"{722B8586-23E2-4E3E-8221-2E347068D9BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{798A3205-580D-4543-9145-11713271F86E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7EE915D8-D440-4704-9289-E06306C33E2C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FDBAD30-8F4B-4EED-B754-433E71074A6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84385CD8-4AA2-4E54-B0AB-4D14A3DFB1D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B08ED81-FF4B-4E38-BABB-4ADAD5329444}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{8F322190-DC0B-4D86-9D76-9AD87A93F3C6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{944B85A9-A89E-4A7C-A187-D6C94345B48F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{95F8462D-308B-4B4D-9C9A-EF34817E0CA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9640624F-38F9-4BE1-A327-AD2B283ABFE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A919FF9E-90AA-4B76-B998-7F9CFA052D15}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A99AF1B6-4ABA-4355-A7FC-5D711720E10A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ACEC322D-F0A1-41AE-AB0F-5C718F2AA977}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF196045-DC9E-4F02-86AB-A4C6EF42CB2D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5A595E1-6FC5-4197-932B-B9D5E28869D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA9710BD-4EB7-4950-AE58-93E55039D6F9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD1365FE-87CE-42FD-B1DE-3137CAD4F23B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C3B49B43-D866-4AD2-956D-41C8D0C0CB26}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C856D33A-E1B6-4369-B831-B78B615E0496}" = lport=3390 | protocol=6 | dir=in | app=system |
"{CA568997-485B-4275-87FD-8755015C75FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB221572-F7AA-46EA-8E27-EF3C5F776E23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D70F12AC-2C35-468E-9035-04F2B02E39BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D812A0EC-E3BF-4CF1-BCEE-B7C6E447FD80}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E68C2C79-02BB-4CDC-A36F-B69923B6E270}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB3C0873-ADA3-4663-AD0A-CBEFDD939741}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDAE48B2-D1AA-405B-9901-9CB58BF70B7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F43C3632-052D-4999-87B1-80F686280AE5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FEB6F4B9-1772-4DCB-88AD-74A6129F1867}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FEEAA43A-F7C5-4C93-905A-51E4E1D9E988}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F89436-FC7D-4465-B5F7-ED2544082B92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{04668B73-DCCF-4987-A34E-0FEDFC838FE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{04697096-F318-42B3-86B6-1754116768F1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{04CD2168-2614-4A80-B9B2-396051B7F764}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{06350499-1B67-4815-90CE-287BAAEFECED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{09B82231-D3DC-4CF5-9631-7FB0E2EA859D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0A83A919-4F66-47B9-85D5-AD52F9494335}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{0AE31558-2B2F-4D5C-B1BC-A5F3560B267F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\paradox.url |
"{0DB893DA-D793-4D80-AC54-2E0B7C847539}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe |
"{0F973EDE-A0AF-4C81-82D6-B5998FC9FB95}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0FC652F8-59B2-46C0-9A9D-90245565DF73}" = protocol=58 | dir=out | [email protected],-28546 |
"{106D9E2A-7765-4617-959E-ABCB1F117975}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalry_ded_server\binaries\win32\udk.exe |
"{10F2C875-DB36-4F2F-A232-FDF9E0A7D0A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"{110D6413-EBB8-43F1-848E-769A9C5073EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"{117FA7A9-531F-4031-850C-E965AF5B25C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1240473E-E4C9-4EA1-8B43-624D3A00573B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1329A912-3257-4BBB-B41C-D938BFC13F3A}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera.exe |
"{1528DBEF-E479-45AA-995E-D8DD6097EE73}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"{191EE2ED-FBA1-4683-B294-7C03375D5B39}" = protocol=6 | dir=in | app=c:\users\paulo baylon\appdata\local\akamai\netsession_win.exe |
"{19AB00E1-59BF-4317-9B88-14006D386AAE}" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"{19AECD37-5BEE-4B5A-ADFB-83FA6A64AB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{1BB7730B-C7F3-4212-89D9-C5810E6317F1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1C832D75-3016-45EC-9256-F53CFE4EBD5D}" = protocol=58 | dir=in | app=system |
"{1DEA8D55-C12D-44B6-A544-1F19CDAF6CFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{218A5B4C-5981-4C7B-9313-CC96E8FF7609}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{21DB45FA-2265-471E-836C-8CBECA19AC43}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{26B8EEF1-3ACC-4D07-BBF6-0AE7216F6D9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"{2C320181-8D6D-439E-AB05-9A1304E9D919}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalry_ded_server\binaries\win32\udk.exe |
"{2E91E7ED-62FA-4D7F-A729-97899A883391}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3295C7ED-E883-4078-8C1C-79128051A67C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{35CD7BA8-E5C5-4C78-B067-8222180294CA}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera.exe |
"{37BD667F-6A1E-4B08-871C-9D4C68B2B05D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4070379C-61E5-449A-BA4B-983F2E5CA923}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{40A67E4D-5AB3-42D7-BB0D-D60F6FB5B8B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\game.exe |
"{4136E8C7-A929-4945-809D-91289E92CD90}" = protocol=58 | dir=in | [email protected],-28545 |
"{4162F1C5-DFBB-4605-A4D1-C95F1797C466}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{41C137BA-B046-4BE8-8481-3FB95F4A4DC6}" = protocol=6 | dir=in | app=c:\users\paulo baylon\appdata\roaming\dropbox\bin\dropbox.exe |
"{41FD518A-814D-4137-8800-F3B909FE0523}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{4348E31F-6D03-44F1-9979-C0ADE8A067AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{4510DFA8-4A7F-48A1-9B83-9B7DCB175287}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"{459DF90C-A4FA-4766-BE86-9E5F969B6D06}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4663E615-FB6F-423A-A533-C6FCEDD47CC3}" = protocol=58 | dir=out | [email protected],-503 |
"{4773629D-0FED-46BE-915D-FDF9748ABE74}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{4C1FD943-2255-45D0-9504-045771D8290C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\game.url |
"{4F7E3417-2575-4EE4-B590-6E338ED24D68}" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"{5028ED0D-042A-4F7E-84E5-690625BA52F7}" = protocol=6 | dir=in | app=c:\users\paulo baylon\appdata\roaming\dropbox\bin\dropbox.exe |
"{51C7BBA2-77AD-4C50-8C44-D46682B4BF01}" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"{5233A9A1-F65A-439D-96F7-70EF4FBB2F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{532C636A-92A4-4F26-8744-C32A6271B902}" = protocol=6 | dir=out | app=system |
"{534C84C7-3894-4D27-8310-1510675CF7C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{559D6C0D-2944-4609-882D-4507D92B9EF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\ino_co_com.url |
"{560956C0-A332-474B-9A10-483BE1656D91}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{58B19B29-E8E7-4015-B524-E9E68BF74A9F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{591DB56A-44A3-48D4-8BF5-270E7007995E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\paradox.url |
"{5CC95F55-213C-418C-A731-72039B9E00E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{5F9E277B-534A-4BC2-864C-C1D88D464A3B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{61C6D348-00CC-4216-9C7F-12FC8A697476}" = protocol=17 | dir=in | app=c:\users\paulo baylon\appdata\roaming\spotify\spotify.exe |
"{63886826-E5FE-4839-8300-E7E6C2BAC697}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{63E90415-D83B-4CCF-8F9F-E7E6E6256ACB}" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"{65DC4F34-624E-46EE-8EB0-A9A21202190F}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{66317683-6A14-4B8E-9D78-7279E8838E09}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6817AE8D-3762-4BC4-8618-4734A676A17B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\game.url |
"{6991E401-166F-48E3-8845-D71CA694356B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{69BC9947-E794-43F5-99EB-AEC23B9B2115}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6E9A8D2F-BD81-4D40-96B5-1575D37EE683}" = protocol=17 | dir=in | app=c:\program files (x86)\age of wonders ii\aow2.exe |
"{701FE160-C1C4-4C82-B7B5-CE86D1579453}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{703BB677-8599-4E99-B962-96A23DA958F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7224802C-583F-49BA-936B-5F3826F48755}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75156E72-5DC0-4352-9311-89F04F1C1C95}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"{7616FE4C-F6DC-4680-BFEC-DAFC2B28CA0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{76DF0235-CD19-48FA-8D56-E0C9307475AA}" = dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{7723E254-4ADE-449C-A836-AE564995C4B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7730456A-1F85-4164-B14A-F5D56F83A3A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{7C642F28-49B0-4F17-AEFC-BF0A6B09FE8D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7ED068D1-F7EF-46BC-B735-7CFB3F66B71C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{7ED7C3F9-377F-4880-ABE2-686A791F2283}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7FC6654E-80D4-43C0-B156-DEBC54969E3D}" = protocol=1 | dir=out | [email protected],-28544 |
"{82E19186-D3AE-4CA6-8856-279833EA4023}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{82E48114-7750-4CA2-9941-5649D77A40FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{832FE10E-6BD6-41C5-AB54-A5BC035DEE66}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{844C470C-62B6-4282-9066-CE1A1B2DD7BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84D60E1E-D31D-49F4-8DBD-25E358DDCF57}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"{86719699-0E7E-4425-95CC-204BE74253E5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8A7FB8F5-FC29-4A59-A334-3BC16A769708}" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2\bin\witcher2.exe |
"{8B1D723E-D195-4A0D-AFA1-EDD1633E29DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{8CDE79EF-E952-482E-B9AC-3EBB540839E2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8CEC979F-CD83-4139-8E06-47C708574937}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{913D65FC-579B-48CA-93AC-7AAD6E4DC2D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{927B2045-A7C9-4466-8C65-F21DCD888A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"{930433AF-68C2-4B2A-B77C-5286B1B8374F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9398DE23-29EB-463D-B6B7-00B36B45A75B}" = protocol=17 | dir=in | app=c:\users\paulo baylon\documents\my games\mechwarrior 4\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"{946D5F49-F973-4B88-A3A9-1C48626ED076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9488DB66-86F7-4E65-9BFC-DC4413B3E448}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{94CA0C3B-BBEA-4A0A-8E9D-6080824874FB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95EB3DD0-1CC2-44FB-8307-96381D1D2A29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\ino_co_com.url |
"{962FD94A-F81C-4E7F-9B81-DC14CD015153}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{975F0CED-4B8F-4825-97FF-A8DE88634910}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{97C58089-AA32-4101-9A66-F207EE220150}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"{9AAA6C1B-FDF3-4C11-A998-9DCD91497AC4}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{9B240427-0E66-48A3-9876-5046781FF3E5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9C1B14D9-4D5A-4E8F-90AC-B88AF42B3A7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{9C78576F-1912-4DBB-830C-FD77FD79DC06}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe |
"{9D616EC6-010F-4C0E-A7EB-926889FFBFB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F18D0E3-A385-4BDD-BF9D-9010FE505909}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{A3059B6B-FC2B-445C-8E43-5B329C47DFF4}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A3A87315-ECF8-4FBB-8A39-DBD0CD0AD86F}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A6A21D9B-9D07-4FD5-8F87-FEDEE101D368}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A6E401CE-8051-441E-8F08-08AD6EA46C02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{A7D2348C-9D7D-45DD-99CF-DB5D6B5CFD82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{A857520B-571A-41B9-B9BB-E8BC63D541AE}" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"{AB2A579B-9BC5-4748-A1C0-3431606B2437}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{AC29DF3B-4E34-4BCE-8E52-5FFCE9B41FE2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{AC2E4EB8-CE5C-46E4-BCD9-987F1DC9D7F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE0E422A-B4FB-4C74-A383-F90011BB6933}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\apple\windows migration assistant\migrationassistant.exe |
"{AF234594-0593-4833-9E87-7F1CA9FB1D7D}" = protocol=6 | dir=in | app=c:\program files (x86)\age of wonders ii\aow2.exe |
"{AFE10D17-BB31-48C1-B0FC-2A10065F75CE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B08847E2-2194-4294-AA8A-A10F1E86D687}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B2696F86-BE1A-4DAE-B38E-179722D6F78A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{B53A5EC8-8414-460D-B625-989612F413F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\game.exe |
"{B56FEB92-3218-44D4-AAB9-F5A6977F71DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{B66E03CA-4352-4DF5-A778-C281F0EDEB48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{B7386C85-604A-4B3E-983C-22FC52BE9AD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe |
"{B94A0E57-1D92-4531-BDA5-DDAD68B705DE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BB2C8AE9-BC3B-4447-A61C-62F5AF640666}" = protocol=17 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"{C07FCE69-C65D-433B-A1AB-5037ACF6567D}" = protocol=6 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"{C089B719-595F-4E24-B8D5-E1770E5C046E}" = protocol=6 | dir=in | app=c:\users\paulo baylon\appdata\roaming\spotify\spotify.exe |
"{C17EB469-F963-4570-B796-BE4A053C265F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C27B4EDA-C5B2-48A7-9FE2-96783C930735}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{C3F3CB0C-4E60-492D-9EA5-472AF4C3A870}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C4D53BEA-75F5-4AA2-8EE1-12085C0DD092}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\valvetestapp206500\airmech.exe |
"{C555FB14-0598-4099-AF51-1AE7B7B25FB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{C6F1771F-97A5-4726-ADDA-EFC4343F8522}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{C9B0FBC5-10A4-46CE-8E98-81328DCCEC7F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CAEB4C68-7897-41F2-984C-97817D494344}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB941620-6BB4-4C76-A50E-DAB98A308DA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CC7670E9-15C1-49EB-BFB4-628445AFFCC3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEA2F303-5730-4073-9F2F-56BC2EAD937C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{CF45E2E4-4EE2-4979-B72E-E3BFCC710567}" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2\bin\witcher2.exe |
"{D0C302F2-E5B3-4DD2-8884-B717CE484874}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{D14E6124-5D5D-4379-ABC7-60900566B670}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{D246D288-BC1C-4155-866B-A8BE4B524B4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{D4479CDC-092F-4A66-8159-20F32A861343}" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"{D4C870BC-0DA3-41E4-B2A1-06C89B625054}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4F363AF-AB24-407B-9A98-B781146FA3FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{D787342A-5154-4B48-9114-D379717D8CD6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7C4E8E4-0E9D-41D5-8803-90E8C15B0FF4}" = protocol=17 | dir=in | app=c:\users\paulo baylon\appdata\local\akamai\netsession_win.exe |
"{DB6BF0CC-4277-42D2-9C3B-0612A7EDDF41}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\vlc setup helper.exe |
"{DDCAC8FB-FFAC-42D1-999E-A26F1B7B2FEA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous tank battles\gtb.exe |
"{DE0C7FB9-2202-44BF-8A0F-9E35BAC258B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\valvetestapp206500\airmech.exe |
"{DFB2C629-971C-46F3-B137-034B6C9A8B6C}" = protocol=1 | dir=in | [email protected],-28543 |
"{E567C646-5A8C-4D26-82D6-1724D6158868}" = dir=in | app=c:\program files (x86)\airport\apagent.exe |
"{E5AA8ABB-851B-4F70-8190-A2F8CABE17A9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E980B345-AFC2-420B-9AB5-15C844137C8C}" = protocol=17 | dir=in | app=c:\users\paulo baylon\appdata\roaming\dropbox\bin\dropbox.exe |
"{ECE8871A-C60B-4946-8F46-85F061338B4F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F112023B-D716-45B4-8997-569D1B96080B}" = protocol=6 | dir=in | app=c:\users\paulo baylon\documents\my games\mechwarrior 4\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"{F1871BD4-6927-4615-A416-D2BF1D6B5935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{F3160A2F-74DD-4622-9780-2B1BF34B920E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F38AED50-AE95-4CFF-B811-D427EB64576C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F6EF6F2F-777B-40DC-8CC8-A6F26DCEA221}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA04CB5B-1D25-4A29-B986-FE4C99DD4F30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{FAAE915A-706C-4269-A171-8B2B1E52458E}" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"{FDDDCBD6-02B3-4366-BD52-67BD2777EB72}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{FE07CE40-8C72-40A8-8EA7-B077B783DC7D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{FE4D7979-441B-422A-8FB2-5E9C11D528D0}" = protocol=17 | dir=in | app=c:\users\paulo baylon\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1AE3920C-D545-4932-92D5-0D7D46892A41}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"TCP Query User{1C0C9162-66AA-4ACA-9507-C1117535DE03}C:\program files (x86)\tera\tera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera.exe |
"TCP Query User{2AE2D22E-5762-4641-84E6-46F48C6A7C43}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{300C2F8B-7B1A-4576-BEA6-02482DC8138D}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{44FF2BE4-5DEF-4D66-BEAC-3E459556EFF9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{47A2F9F8-599D-4C09-B4A2-5E14DDF69417}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"TCP Query User{491FB0AA-59FC-4BEC-9303-2ADD77DAFAA8}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{5255C502-C656-40DD-B126-0DC23EDDFEE9}C:\users\paulo baylon\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\paulo baylon\appdata\roaming\spotify\spotify.exe |
"TCP Query User{74329D06-3B56-492C-8805-8F27581DEE92}C:\program files (x86)\age of wonders ii\aow2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\age of wonders ii\aow2.exe |
"TCP Query User{8F89DEAD-A87E-44B9-8648-FA1103E608D2}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{A8FA3097-608A-471A-8765-1408369F3AAD}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"TCP Query User{BC168142-07A5-4EE8-82B5-D822903E067D}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"TCP Query User{C45C35AF-A412-4E7E-B39D-D28153344D4B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{CF271912-EAD6-4785-AC0A-9D4DDE0763FD}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{D148CECE-DE25-4455-96B9-C9FC7501C017}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{EEABE3E2-CB90-42CC-952A-7E62414E4A50}C:\users\paulo baylon\documents\my games\mechwarrior 4\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=c:\users\paulo baylon\documents\my games\mechwarrior 4\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{F1EEF9DE-69DD-4AD4-BE7E-37212D180150}C:\program files (x86)\gog.com\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2\bin\witcher2.exe |
"UDP Query User{299B23D3-74E9-49A1-979B-6C5421A813C5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2FDFFE5B-87B2-470D-8CE3-A95CA7C457A3}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{3BF9E1E9-11A2-4645-A206-19A36FCDAB53}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"UDP Query User{4A73C490-4766-4D54-A4A8-11849E54240C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{58F2B0E0-404A-4032-8C04-8142AEB33A09}C:\program files (x86)\tera\tera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera.exe |
"UDP Query User{595E1F28-5271-4C4E-A56D-780EAAF31537}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |
"UDP Query User{721A6D74-EF90-4B80-8684-0AC9F2B266D5}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{7C917905-2748-4B8C-BE6E-3539EDDAA992}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{84565A75-A38B-48CD-BE58-9B911E1336BF}C:\program files (x86)\age of wonders ii\aow2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\age of wonders ii\aow2.exe |
"UDP Query User{95CD6BB1-E121-4C06-89D5-AA9AA9DA6EC2}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"UDP Query User{A3EC96CC-01CF-440C-9ED8-D8BF54BECD5F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{A53CE283-D5B9-4092-9C4A-3D313493E407}C:\program files (x86)\gog.com\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2\bin\witcher2.exe |
"UDP Query User{BB47C96D-B98D-4100-8581-BACE938C4581}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{BE7F360C-733B-4175-99AE-4D26C3DE438F}C:\users\paulo baylon\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\paulo baylon\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C9AFCEA4-7173-4B12-9DA1-0E7E823A3581}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{F7FEF5B7-53FC-49C7-A7DF-91FF64023C53}C:\users\paulo baylon\documents\my games\mechwarrior 4\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=c:\users\paulo baylon\documents\my games\mechwarrior 4\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{FE296B9F-1709-4A64-8493-3946D696FE41}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java™ 6 Update 25 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.70
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BEC2EFB7-93E4-4F5F-B056-602ACEC2B759}" = WD SmartWare Drive Manager
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EA6244A-C8E4-4C10-AA1D-037C0C12D4F5}" = calibre
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5A336D74-E680-4986-96F4-E9CEBC784F56}" = Naga Firmware Updater 1.13
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F752BAB-4AFD-4138-983D-7E9E7CFE077D}" = GameSpy Comrade
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{B6685367-A8AD-4414-A2A3-10B40EC5CF30}" = SharpKeys
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D8BC400A-9D14-468B-A674-1D76A987AAFC}" = Windows Migration Assistant
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CDisplay_is1" = CDisplay 1.8
"Civilization V" = Sid Meier's Civilization V
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"DivX Setup" = DivX Setup
"Fraps" = Fraps (remove only)
"Guild Wars 2" = Guild Wars 2
"HandBrake" = HandBrake 0.9.8
"Impulse" = Impulse
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"KeePass Password Safe_is1" = KeePass Password Safe 1.23
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MKVToolNix" = MKVToolNix 5.5.0
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"Mozilla Thunderbird 17.0.2 (x86 en-US)" = Mozilla Thunderbird 17.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PrecisionX" = EVGA Precision X 3.0.4
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"SABnzbd" = SABnzbd 0.7.11
"SpeedFan" = SpeedFan (remove only)
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 201790" = Orcs Must Die! 2
"Steam App 203630" = Warlock - Master of the Arcane
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 205530" = Gratuitous Tank Battles
"Steam App 207170" = Legend of Grimrock
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 218230" = PlanetSide 2
"Steam App 220070" = Chivalry: Medieval Warfare Dedicated Server
"Steam App 220240" = Far Cry® 3
"Steam App 223390" = Forge
"Steam App 24240" = PAYDAY: The Heist
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 40800" = Super Meat Boy
"Steam App 42910" = Magicka
"Steam App 47890" = The Sims™ 3
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 98800" = Dungeons of Dredmor
"TeamViewer 6" = TeamViewer 6
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"VLC Setup Helper_is1" = VLC Setup Helper
"x264vfw64" = x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
"XFastUsb" = XFastUsb

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Hawken" = Hawken
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2012 8:00:01 AM | Computer Name = PauloBaylon-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/27/2012 12:41:24 AM | Computer Name = PauloBaylon-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 16.0.912.77 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12f8 Start
Time: 01ccdca00107b4df Termination Time: 3 Application Path: C:\Users\Paulo Baylon\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 16e763a6-48a1-11e1-9d71-0002762a65e7

Error - 1/27/2012 5:30:43 AM | Computer Name = PauloBaylon-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/27/2012 5:30:48 AM | Computer Name = PauloBaylon-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/28/2012 6:00:15 AM | Computer Name = PauloBaylon-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/28/2012 6:00:20 AM | Computer Name = PauloBaylon-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/29/2012 6:14:06 AM | Computer Name = PauloBaylon-PC | Source = Application Hang | ID = 1002
Description = The program AsrXTU.exe version 0.1.54.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e4c Start Time:
01ccdc8f3c573121 Termination Time: 195 Application Path: C:\Program Files (x86)\ASRock
Utility\AXTU\Bin\AsrXTU.exe Report Id: e2949abb-4a61-11e1-9d71-0002762a65e7

Error - 1/29/2012 9:50:34 AM | Computer Name = PauloBaylon-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 1/29/2012 9:50:53 AM | Computer Name = PauloBaylon-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/30/2012 12:00:08 AM | Computer Name = PauloBaylon-PC | Source = Windows Backup | ID = 4103
Description =

[ Media Center Events ]
Error - 9/26/2012 1:52:45 PM | Computer Name = PauloBaylon-PC | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 10/5/2012 12:25:56 AM | Computer Name = PauloBaylon-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 11/13/2012 5:25:40 PM | Computer Name = PauloBaylon-PC | Source = MCUpdate | ID = 0
Description = 12:25:40 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 11/16/2012 5:31:37 AM | Computer Name = PauloBaylon-PC | Source = MCUpdate | ID = 0
Description = 12:31:27 AM - Error connecting to the internet. 12:31:29 AM - Unable
to contact server..

Error - 12/15/2012 5:35:29 PM | Computer Name = PauloBaylon-PC | Source = MCUpdate | ID = 0
Description = 12:35:29 PM - Error connecting to the internet. 12:35:29 PM - Unable
to contact server..

Error - 12/15/2012 5:36:18 PM | Computer Name = PauloBaylon-PC | Source = MCUpdate | ID = 0
Description = 12:36:16 PM - Error connecting to the internet. 12:36:16 PM - Unable
to contact server..

Error - 1/2/2013 5:17:29 PM | Computer Name = PauloBaylon-PC | Source = MCUpdate | ID = 0
Description = 12:17:29 PM - Error connecting to the internet. 12:17:29 PM - Unable
to contact server..

Error - 1/2/2013 5:18:17 PM | Computer Name = PauloBaylon-PC | Source = MCUpdate | ID = 0
Description = 12:18:16 PM - Error connecting to the internet. 12:18:16 PM - Unable
to contact server..

Error - 1/2/2013 6:19:06 PM | Computer Name = PauloBaylon-PC | Source = MCUpdate | ID = 0
Description = 1:19:06 PM - Error connecting to the internet. 1:19:06 PM - Unable
to contact server..

Error - 1/2/2013 6:20:12 PM | Computer Name = PauloBaylon-PC | Source = MCUpdate | ID = 0
Description = 1:20:11 PM - Error connecting to the internet. 1:20:11 PM - Unable
to contact server..

[ System Events ]
Error - 2/19/2013 7:19:39 AM | Computer Name = PauloBaylon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/19/2013 7:19:39 AM | Computer Name = PauloBaylon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/19/2013 7:19:39 AM | Computer Name = PauloBaylon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/19/2013 7:20:57 AM | Computer Name = PauloBaylon-PC | Source = DCOM | ID = 10005
Description =

Error - 2/19/2013 7:20:57 AM | Computer Name = PauloBaylon-PC | Source = DCOM | ID = 10005
Description =

Error - 2/19/2013 7:21:08 AM | Computer Name = PauloBaylon-PC | Source = DCOM | ID = 10005
Description =

Error - 2/19/2013 7:26:43 AM | Computer Name = PauloBaylon-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/19/2013 7:26:43 AM | Computer Name = PauloBaylon-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2/19/2013 8:47:05 AM | Computer Name = PauloBaylon-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/19/2013 8:47:05 AM | Computer Name = PauloBaylon-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >
  • 0


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will post some instructions once I review your logs.
  • 0

#3
chickenlilcurry

chickenlilcurry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks for the reply
  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi chickenlilcurry,

You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

Step 1: Run OTL fix. Please move OTL to your desktop before running the fix.

Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...24-002522a58b9a
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/...q={searchTerms}
    
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    
    O4 - HKCU..\Run: [epeluod.exe] C:\Users\Paulo Baylon\AppData\Roaming\epeluod.exe ()
    O4 - HKCU..\Run: [ewabjad.exe] C:\Users\Paulo Baylon\AppData\Roaming\ewabjad.exe ()
    O4 - HKCU..\Run: [Internal Configuration Serving State] C:\Users\Paulo Baylon\AppData\Roaming\dfigjdfgd.exe ()
    
    :Files
    C:\Program Files (x86)\Yontoo
    C:\Users\Paulo Baylon\AppData\Roaming\globler.exe
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

Step 2: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Step 3: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

Posted Image

Step 4: Upload file.

Please locate the file you mentioned named readme.exe on your NAS and upload it to VirusTotal. Send me a link to the results page.

Things I need in your next reply:
  • OTL fix log
  • adwCleaner log
  • aswMBR log
  • VirusTotal link
  • How is your computer running now? Any more alerts?

  • 0
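The O4 lines in the fix above share two traits that make a Run-key entry worth a second look before any tool is run: the executable sits in a per-user writable folder (AppData\Roaming) and OTL printed an empty publisher field "()". The following is an added example, not code from the thread, from OTL or from any tool named in it: a small Python triage that parses OTL-style O4 lines and reports those traits. It assumes the O4 line layout shown in the post (hive, key, value name in brackets, path, publisher in parentheses); the three suspicious sample lines are copied from the fix, and the two benign lines are constructed for contrast.

```python
"""Triage of OTL-style O4 (autorun) lines.

Added example; it is not part of the Geeks to Go thread and not OTL's own
logic. Two heuristics are applied: the image lives in a user-writable
location, and the file carries no publisher in its version information.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the three O4 lines that the OTL fix in the thread
# removed, plus two constructed benign entries (not on the page) for contrast.
SAMPLE_O4_LINES = """\
O4 - HKCU..\\Run: [epeluod.exe] C:\\Users\\Paulo Baylon\\AppData\\Roaming\\epeluod.exe ()
O4 - HKCU..\\Run: [ewabjad.exe] C:\\Users\\Paulo Baylon\\AppData\\Roaming\\ewabjad.exe ()
O4 - HKCU..\\Run: [Internal Configuration Serving State] C:\\Users\\Paulo Baylon\\AppData\\Roaming\\dfigjdfgd.exe ()
O4 - HKLM..\\Run: [MSC] C:\\Program Files\\Microsoft Security Client\\msseces.exe (Microsoft Corporation)
O4 - HKCU..\\Run: [Steam] C:\\Program Files (x86)\\Steam\\Steam.exe (Valve Corporation)
"""

# Assumed OTL layout:  O4 - <hive>..\<key>: [<value name>] <path> (<publisher>)
# The path is matched non-greedily so "(x86)" inside a path is not mistaken
# for the trailing publisher field.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<publisher>[^()]*)\)$"
)

# Folders a standard user can write to without elevation. A Run entry that
# launches from one of these was not placed there by a normal installer.
USER_WRITABLE = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)


@dataclass
class Finding:
    name: str
    path: str
    hive: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Return the fields of one O4 line as a dict, or None if it is not an O4 line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(entry):
    """Return the reasons an autorun entry deserves a look (empty list = nothing odd)."""
    reasons = []
    lowered = entry["path"].lower()
    if any(marker in lowered for marker in USER_WRITABLE):
        reasons.append("launches from a user-writable location")
    if not entry["publisher"].strip():
        reasons.append("no publisher in file version info")
    return reasons


def triage(text):
    """Parse every O4 line in text and return a Finding for each entry with reasons."""
    findings = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry["name"], entry["path"], entry["hive"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"{f.hive} [{f.name}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

The publisher field is the CompanyName string from the file's version resource, which any program can set to anything, so its absence is only a triage prompt; the user-writable path is the stronger of the two signals. Either way the output is a list of entries to examine, not a verdict, and a benign entry such as a portable tool in AppData will show up too.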

#5
chickenlilcurry

chickenlilcurry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry for the wait, I just got back from work and class, but here are the log files. Also that readme.exe file is gone; I couldn't find it anywhere after doing the steps you gave me. I also uninstalled uTorrent to follow the instruction.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo\YontooIEClient.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\epeluod.exe deleted successfully.
C:\Users\Paulo Baylon\AppData\Roaming\epeluod.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ewabjad.exe deleted successfully.
C:\Users\Paulo Baylon\AppData\Roaming\ewabjad.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Internal Configuration Serving State deleted successfully.
C:\Users\Paulo Baylon\AppData\Roaming\dfigjdfgd.exe moved successfully.
========== FILES ==========
C:\Program Files (x86)\Yontoo folder moved successfully.
C:\Users\Paulo Baylon\AppData\Roaming\globler.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-PAULOBAYLON-PC
->Temp folder emptied: 388839 bytes
->Temporary Internet Files folder emptied: 1635516 bytes

User: Paulo Baylon
->Temp folder emptied: 118363123 bytes
->Temporary Internet Files folder emptied: 2954337 bytes
->Java cache emptied: 19979021 bytes
->FireFox cache emptied: 4908513 bytes
->Flash cache emptied: 748 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30508 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 142.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02192013_144611

Files\Folders moved on Reboot...
C:\Users\Paulo Baylon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Here is the adwcleaner log

# AdwCleaner v2.112 - Logfile created 02/19/2013 at 14:52:49
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Paulo Baylon - PAULOBAYLON-PC
# Boot Mode : Normal
# Running from : C:\Users\Paulo Baylon\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Paulo Baylon\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Paulo Baylon\AppData\Roaming\Mozilla\Firefox\Profiles\peigs0ok.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2909 octets] - [19/02/2013 14:52:49]

########## EOF - C:\AdwCleaner[R1].txt - [2969 octets] ##########

Here is the aswMBR log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-19 18:25:18
-----------------------------
18:25:18.665 OS Version: Windows x64 6.1.7601 Service Pack 1
18:25:18.665 Number of processors: 4 586 0x2A07
18:25:18.666 ComputerName: PAULOBAYLON-PC UserName: Paulo Baylon
18:25:19.146 Initialize success
18:28:00.407 AVAST engine defs: 13021902
18:28:03.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7
18:28:03.731 Disk 0 Vendor: SAMSUNG_HD322GJ 1AR10001 Size: 305245MB BusType: 3
18:28:03.744 Disk 0 MBR read successfully
18:28:03.746 Disk 0 MBR scan
18:28:03.761 Disk 0 Windows 7 default MBR code
18:28:03.773 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:28:03.837 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
18:28:03.981 Disk 0 scanning C:\Windows\system32\drivers
18:28:22.615 Service scanning
18:28:50.181 Modules scanning
18:28:50.188 Disk 0 trace - called modules:
18:28:50.212 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
18:28:50.217 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800e0cc060]
18:28:50.223 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800d88a9b0]
18:28:50.228 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-7[0xfffffa800d896060]
18:28:50.575 AVAST engine scan C:\Windows
18:28:56.029 AVAST engine scan C:\Windows\system32
18:33:24.700 AVAST engine scan C:\Windows\system32\drivers
18:33:38.592 AVAST engine scan C:\Users\Paulo Baylon
18:44:49.101 AVAST engine scan C:\ProgramData
18:49:36.363 Scan finished successfully
18:50:24.684 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Baylon\Desktop\MBR.dat"
18:50:24.722 The log file has been saved successfully to "C:\Users\Paulo Baylon\Desktop\aswMBR.txt"


Further note: I haven't experienced any errors as of late (crossing my fingers), and like I said earlier I couldn't find that file, so I can't send it to VirusTotal.
  • 0

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi chickenlilcurry,

Things look pretty good to me. Let's run a few scans to catch any remnants.

Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

  • Open MBAM and update the virus definitions.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?

  • 0

#7
chickenlilcurry

chickenlilcurry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I followed the next steps, everything was fine except ESET Online Scanner found these 2 files

C:\_OTL\MovedFiles\02192013_144611\C_Users\Paulo Baylon\AppData\Roaming\epeluod.exe multiple threats
C:\_OTL\MovedFiles\02192013_144611\C_Users\Paulo Baylon\AppData\Roaming\ewabjad.exe multiple threats

Here are the logs.


Results of screen317's Security Check version 0.99.58
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 31
Java 7 Update 13
Adobe Flash Player 11.5.502.149 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (18.0.2)
Mozilla Thunderbird (17.0.2)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


MBAM log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.20.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paulo Baylon :: PAULOBAYLON-PC [administrator]

2/20/2013 9:14:57 AM
mbam-log-2013-02-20 (09-14-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251008
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Online Scan


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2ecffc4c2cdf134ea88fc4c56f1f2daa
# engine=13201
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-20 10:10:35
# local_time=2013-02-20 01:10:35 (-0900, Alaskan Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 61784281 112941685 0 0
# scanned=258515
# found=2
# cleaned=0
# scan_time=10271
sh=77B3A2B0144CE04CE4527C2546451CE0A9F0EA92 ft=1 fh=a1890d32a487efb2 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02192013_144611\C_Users\Paulo Baylon\AppData\Roaming\epeluod.exe"
sh=77B3A2B0144CE04CE4527C2546451CE0A9F0EA92 ft=1 fh=a1890d32a487efb2 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02192013_144611\C_Users\Paulo Baylon\AppData\Roaming\ewabjad.exe"

Was I supposed to turn off Microsoft Security Essentials during these scans? I wasn't aware of that. Hopefully it doesn't hinder the clean up process. Also, aside from those two files that ESET found, I haven't noticed anything glaring.
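Both ESET hits above carry the same SHA-1 (`sh=`), so the two file names hold identical content. As an added example, not part of this thread or of ESET's own tooling, here is a small Python parser for the ESET Online Scanner log format: it reads the `# key=value` header, splits the `sh=... fn="..."` detection lines into fields, cross-checks the `found`/`cleaned` counters against the settings, and groups hits by hash. The sample log is constructed from the lines posted above.

```python
import re
from collections import defaultdict

# Constructed sample: header and detection lines from the ESET log posted above.
SAMPLE_LOG = r"""
# version=8
# end=finished
# remove_checked=false
# found=2
# cleaned=0
sh=77B3A2B0144CE04CE4527C2546451CE0A9F0EA92 ft=1 fh=a1890d32a487efb2 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02192013_144611\C_Users\Paulo Baylon\AppData\Roaming\epeluod.exe"
sh=77B3A2B0144CE04CE4527C2546451CE0A9F0EA92 ft=1 fh=a1890d32a487efb2 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02192013_144611\C_Users\Paulo Baylon\AppData\Roaming\ewabjad.exe"
"""

# key=value pairs; a value is double-quoted (may contain spaces) or a bare token
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_eset_log(text):
    """Split an ESET Online Scanner log into header settings and detections."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):                      # "# key=value" header line
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
        elif line.startswith("sh="):                  # one detection per line
            detections.append({k: q if q else b for k, q, b in FIELD_RE.findall(line)})
        # anything else (downloader banner, "all ok") is ignored
    return {"header": header, "detections": detections}

def check_consistency(log):
    """Cross-check the counters against the detection lines and the settings."""
    hdr, dets = log["header"], log["detections"]
    problems = []
    if hdr.get("end") != "finished":
        problems.append("scan did not finish")
    if hdr.get("found") != str(len(dets)):
        problems.append("found counter does not match detection lines")
    # remove_checked=false means report only, so nothing should have been cleaned
    if hdr.get("remove_checked") == "false" and hdr.get("cleaned") != "0":
        problems.append("cleaned>0 although removal was disabled")
    return problems

def group_by_hash(detections):
    """Map SHA-1 -> file names; one hash under several names means one payload."""
    groups = defaultdict(list)
    for d in detections:
        groups[d["sh"]].append(d["fn"].rsplit("\\", 1)[-1])
    return dict(groups)
```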

#8
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Congratulations, Chickenlilcurry :). Your computer now appears to be clean. Please complete the following steps to finalize the cleaning process.

The files found by ESET were ones we had already quarantined with OTL. They will be deleted when you run the cleanup below.

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Please update these programs, as old versions pose a security risk.
  • Adobe Flash -> You can get the latest version here.
  • Adobe Reader -> You can get the latest version here.

    I would recommend securing Adobe Reader against the latest exploits as follows:
  • Launch Adobe Reader.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the control panel.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

First set up a new, clean restore point:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.

Then delete the old, infected ones:
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Then select the more options tab
  • Select system restore and shadow copies "Clean up"
  • Follow the prompts

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on All Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.

#9
chickenlilcurry

    New Member

  • Topic Starter
  • Member
  • 5 posts
Thanks a lot for the help.

#10
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
My pleasure :)

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.