Skype malware



#1
CrazyShadowDami

    Member

  • 23 posts
Hey guys, I got infected with malware that basically makes me send spam messages to all the contacts I have, containing a link that contains the virus; that's how it spreads. Any solutions?


#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, CrazyShadowDami and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please be patient. You should stay here until your computer becomes really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should make you glad. ;)

Okay, let's launch one program first.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#3
CrazyShadowDami

    Member

  • Topic Starter
  • 23 posts
OTL.T.txt-

OTL logfile created on: 1.4.2013. 13:51:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damjan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.29% Memory free
7.49 Gb Paging File | 6.07 Gb Available in Paging File | 80.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.13 Gb Total Space | 96.76 Gb Free Space | 21.84% Space Free | Partition Type: NTFS
Drive D: | 488.28 Gb Total Space | 488.16 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive F: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 100.00 Mb Total Space | 70.16 Mb Free Space | 70.17% Space Free | Partition Type: NTFS
Drive P: | 443.13 Gb Total Space | 96.76 Gb Free Space | 21.84% Space Free | Partition Type: NTFS

Computer Name: DAMJAN-PC | User Name: Damjan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.01 13:50:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Damjan\Downloads\OTL.exe
PRC - [2013.03.30 16:11:59 | 000,282,624 | RHS- | M] (Skype Technologies S.A.) -- C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe
PRC - [2013.03.23 11:58:47 | 003,497,552 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013.03.13 15:46:35 | 000,822,272 | RH-- | M] () -- C:\Windows\temp\temp39.exe
PRC - [2013.02.23 20:16:58 | 001,297,728 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013.02.23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013.01.31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013.01.17 20:59:25 | 000,341,504 | ---- | M] () -- C:\ProgramData\BetterSoft\SaveAs\SaveAs.exe
PRC - [2012.12.28 16:18:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 12:08:52 | 002,255,360 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.12.13 17:29:42 | 000,245,168 | ---- | M] (http://yourfiledownloader.com) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
PRC - [2012.12.11 19:50:10 | 001,610,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012.10.23 18:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.04.05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.23 11:58:49 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013.03.13 15:46:35 | 000,822,272 | RH-- | M] () -- C:\Windows\temp\temp39.exe
MOD - [2012.08.27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012.09.28 16:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010.03.26 12:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.12 23:15:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013.01.31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.01.08 15:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.28 16:18:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 12:08:50 | 002,466,304 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.26 19:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.10.23 18:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.11.04 19:49:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.02 19:49:47 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.10.23 18:40:32 | 000,077,144 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.07.01 16:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.03.05 19:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.02 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.15 05:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.18 16:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.14 00:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.14 00:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.11.01 07:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...00000FF3A2A88E0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 84 CF 50 DF F4 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {1BEABBA3-A6F0-4A23-8A64-BD7D9B678375}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...00000FF3A2A88E0
IE - HKCU\..\SearchScopes\{1BEABBA3-A6F0-4A23-8A64-BD7D9B678375}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012.12.07 21:51:18 | 000,000,000 | ---D | M]

[2013.03.22 16:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damjan\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions
[2012.11.22 14:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.delta-sea...00000FF3A2A88E0
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - Extension: Better Battlelog (BBLog) = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\3.5.0_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: Domain Error Assistant = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Savings-Slider = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\

O1 HOSTS File: ([2012.12.09 23:08:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SaveAs) - {A74D819A-0955-6615-AE8F-9C9031BCBD6D} - C:\ProgramData\SaveAs\50fb05e22320f.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SonyAgent] C:\Windows\temp\temp39.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe (Probit Software)
O4 - HKCU..\Run: [mapdisk] C:\Users\Damjan\Documents\ArmAWork\mapdisk.bat ()
O4 - HKCU..\Run: [Microsoft Windows Manager] C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe (Skype Technologies S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A2A88E0-3D5A-4C49-A9EC-7ECEC3A68531}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9846893D-56D2-4C86-BD86-9E07206BEA4F}: NameServer = 172.24.2.9,192.168.1.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7FEB547-ECC0-4937-9B7E-14E24CE0CBE0}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.01 03:16:15 | 000,564,175 | R--- | M] () - F:\Autorun.dbd -- [ CDFS ]
O32 - AutoRun File - [2007.08.26 03:49:27 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.08.17 08:26:49 | 000,004,274 | R--- | M] () - F:\Autorun.txt -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.01 13:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.01 13:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2013.04.01 13:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2013.03.30 16:13:12 | 000,000,000 | RHSD | C] -- C:\Users\Damjan\S-100-4902-8593-5693
[2013.03.30 14:31:32 | 011,202,368 | ---- | C] (THQ Canada Inc.) -- C:\Users\Damjan\RelicCOH.exe
[2013.03.30 14:31:07 | 004,272,448 | ---- | C] (THQ Canada Inc.) -- C:\Users\Damjan\rs.dll
[2013.03.30 13:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2013.03.30 13:41:25 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.03.27 23:01:21 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Screaming Bee
[2013.03.27 22:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2013.03.27 22:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2013.03.27 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2013.03.22 20:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2013.03.22 16:25:21 | 000,000,000 | ---D | C] -- C:\WW2
[2013.03.22 16:09:24 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Babylon
[2013.03.22 16:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.03.22 16:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.03.22 16:08:55 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Mozilla
[2013.03.22 16:08:36 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013.03.22 16:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013.03.22 14:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
[2013.03.19 21:08:08 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\WarThunder
[2013.03.19 21:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013.03.19 21:07:44 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[2013.03.19 21:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\War Thunder
[2013.03.17 00:06:10 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\GameRanger
[2013.03.16 23:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2013.03.16 03:46:22 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\Threat Expert
[2013.03.13 15:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2013.03.13 15:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2013.03.10 16:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2013.03.09 16:57:55 | 000,000,000 | ---D | C] -- C:\Users\Damjan\Games

========== Files - Modified Within 30 Days ==========

[2013.04.01 13:54:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Damjan.job
[2013.04.01 13:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.01 13:11:56 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 13:11:56 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 13:09:45 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.01 13:09:45 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.01 13:09:45 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 13:05:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.01 13:04:37 | 000,000,000 | -H-- | M] () -- C:\Users\Damjan\AppData\Roaming\winsvcns.sys
[2013.04.01 13:03:38 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.01 13:03:37 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013.04.01 13:03:33 | 000,000,366 | -H-- | M] () -- C:\Windows\tasks\{485581DD-18F9-4C3D-93CF-774E0906D52F}.job
[2013.04.01 13:03:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 13:03:04 | 3018,510,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.31 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.03.31 10:38:42 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2013.03.29 18:46:08 | 000,665,134 | ---- | M] () -- C:\Users\Damjan\2013-03-29_17.42.09.png
[2013.03.29 10:29:33 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2013.03.28 17:55:56 | 000,001,175 | ---- | M] () -- C:\Users\Damjan\Desktop\CoHLauncher.exe - Shortcut.lnk
[2013.03.28 16:29:50 | 000,701,103 | ---- | M] () -- C:\Users\Damjan\mod_sa_bartekdvd.v4.3.1.X.SA-MP.v0.3x.v7.exe
[2013.03.27 22:47:49 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2013.03.27 20:39:37 | 000,000,914 | ---- | M] () -- C:\Users\Damjan\Application Data\Microsoft\Internet Explorer\Quick Launch\Nexus Mod Manager.lnk
[2013.03.27 20:39:37 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.03.26 11:01:34 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013.03.23 14:22:19 | 000,228,268 | ---- | M] () -- C:\Users\Damjan\kraj-početak.jpg
[2013.03.23 14:22:10 | 000,234,790 | ---- | M] () -- C:\Users\Damjan\početak-kraj.jpg
[2013.03.23 14:22:04 | 000,261,394 | ---- | M] () -- C:\Users\Damjan\pun pogled.jpg
[2013.03.23 14:17:57 | 000,262,800 | ---- | M] () -- C:\Users\Damjan\evo sta jos radim, treba samo jos dodati 30 fencova (i više).jpg
[2013.03.23 12:14:11 | 000,002,648 | ---- | M] () -- C:\Users\Damjan\Desktop\Mount&Blade With Fire and Sword [by iMortaluz].lnk
[2013.03.23 12:14:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.23 12:13:46 | 000,040,519 | ---- | M] () -- C:\Users\Damjan\Desktop\ClrSheet_Emily.jpg
[2013.03.23 12:13:09 | 000,046,376 | ---- | M] () -- C:\Users\Damjan\Desktop\ClrSheet_Thomas.jpg
[2013.03.22 14:18:04 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks - Common Test.lnk
[2013.03.19 21:07:44 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\War Thunder.lnk
[2013.03.17 00:06:15 | 000,001,072 | ---- | M] () -- C:\Users\Damjan\Desktop\GameRanger.lnk
[2013.03.17 00:06:15 | 000,001,052 | ---- | M] () -- C:\Users\Damjan\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2013.03.16 23:49:50 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.03.16 00:39:57 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.16 00:39:56 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.06 19:29:55 | 030,237,645 | ---- | M] () -- C:\Users\Damjan\cache.rar

========== Files Created - No Company Name ==========

[2013.03.30 16:13:38 | 000,000,000 | -H-- | C] () -- C:\Users\Damjan\AppData\Roaming\winsvcns.sys
[2013.03.29 18:45:19 | 000,665,134 | ---- | C] () -- C:\Users\Damjan\2013-03-29_17.42.09.png
[2013.03.28 17:55:56 | 000,001,175 | ---- | C] () -- C:\Users\Damjan\Desktop\CoHLauncher.exe - Shortcut.lnk
[2013.03.28 16:29:08 | 000,701,103 | ---- | C] () -- C:\Users\Damjan\mod_sa_bartekdvd.v4.3.1.X.SA-MP.v0.3x.v7.exe
[2013.03.27 22:47:49 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2013.03.23 14:21:09 | 000,261,394 | ---- | C] () -- C:\Users\Damjan\pun pogled.jpg
[2013.03.23 14:21:09 | 000,234,790 | ---- | C] () -- C:\Users\Damjan\početak-kraj.jpg
[2013.03.23 14:21:09 | 000,228,268 | ---- | C] () -- C:\Users\Damjan\kraj-početak.jpg
[2013.03.23 14:17:33 | 000,262,800 | ---- | C] () -- C:\Users\Damjan\evo sta jos radim, treba samo jos dodati 30 fencova (i više).jpg
[2013.03.23 12:13:46 | 000,040,519 | ---- | C] () -- C:\Users\Damjan\Desktop\ClrSheet_Emily.jpg
[2013.03.23 12:13:09 | 000,046,376 | ---- | C] () -- C:\Users\Damjan\Desktop\ClrSheet_Thomas.jpg
[2013.03.22 14:18:04 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks - Common Test.lnk
[2013.03.19 21:07:44 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\War Thunder.lnk
[2013.03.17 00:06:15 | 000,001,072 | ---- | C] () -- C:\Users\Damjan\Desktop\GameRanger.lnk
[2013.03.17 00:06:15 | 000,001,058 | ---- | C] () -- C:\Users\Damjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2013.03.17 00:06:15 | 000,001,052 | ---- | C] () -- C:\Users\Damjan\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2013.03.16 23:49:50 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.03.16 00:39:57 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.16 00:39:56 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.06 19:25:56 | 030,237,645 | ---- | C] () -- C:\Users\Damjan\cache.rar
[2013.01.18 12:27:05 | 000,000,842 | ---- | C] () -- C:\Users\Damjan\AppData\Local\recently-used.xbel
[2013.01.05 19:03:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013.01.01 23:07:11 | 000,000,211 | ---- | C] () -- C:\ProgramData\acer.zip
[2012.12.27 01:10:00 | 028,205,253 | ---- | C] () -- C:\Users\Damjan\mp_Austria1401_12_10.eu3
[2012.12.25 17:23:20 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.25 17:23:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.07 21:50:56 | 000,769,144 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012.11.24 15:38:49 | 000,779,146 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.14 21:46:19 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.11.06 15:11:38 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.11.06 15:11:38 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.11.06 15:11:38 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.11.06 15:11:38 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.11.06 01:39:34 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
[2012.11.06 01:39:34 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
[2012.11.06 01:39:31 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2012.11.06 01:39:31 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2012.11.06 01:39:30 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012.11.06 01:39:30 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2012.11.04 18:35:13 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.04 15:24:30 | 000,007,597 | ---- | C] () -- C:\Users\Damjan\AppData\Local\Resmon.ResmonCfg
[2012.11.02 19:43:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.19 21:56:49 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\.minecraft
[2012.11.06 20:28:44 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\AVG
[2013.03.22 16:09:24 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Babylon
[2013.03.22 20:32:03 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\DAEMON Tools Lite
[2012.11.04 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\DriverCure
[2013.03.17 00:06:14 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\GameRanger
[2012.11.21 04:32:40 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\GoforFiles
[2012.12.14 19:46:38 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\IObit
[2013.01.18 12:22:00 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Kingsoft
[2013.01.06 18:59:12 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Mount&Blade Warband
[2013.01.08 18:09:42 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.11.14 21:43:31 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\NBSoftSolutions
[2013.02.23 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Notepad++
[2012.11.04 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Opera
[2012.12.28 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Origin
[2012.11.04 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\ParetoLogic
[2013.03.27 23:01:21 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Screaming Bee
[2012.12.07 21:40:22 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\TestApp
[2013.02.22 18:40:46 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Tunngle
[2013.03.30 16:47:58 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\uTorrent
[2012.12.03 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Wargaming.net
[2012.12.13 17:29:41 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

Extras.txt-

OTL Extras logfile created on: 1.4.2013. 13:51:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damjan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.29% Memory free
7.49 Gb Paging File | 6.07 Gb Available in Paging File | 80.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.13 Gb Total Space | 96.76 Gb Free Space | 21.84% Space Free | Partition Type: NTFS
Drive D: | 488.28 Gb Total Space | 488.16 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive F: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 100.00 Mb Total Space | 70.16 Mb Free Space | 70.17% Space Free | Partition Type: NTFS
Drive P: | 443.13 Gb Total Space | 96.76 Gb Free Space | 21.84% Space Free | Partition Type: NTFS

Computer Name: DAMJAN-PC | User Name: Damjan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe" = C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe:*:Enabled:Microsoft Windows Manager -- (Skype Technologies S.A.)
"C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe" = C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe:*:Enabled:Microsoft Windows Manager -- (Skype Technologies S.A.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0308186C-BD1E-497B-89F3-49808982E963}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{152F1625-2926-4AEC-BA6C-86414FBC1BAF}" = rport=138 | protocol=17 | dir=out | app=system |
"{1C14D561-0468-4B76-8CA1-109600F2EBC8}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{2BEB06B0-0A9E-46C0-A79A-ED81359A7C39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C699605-720E-4DA5-B371-8D571EBD6AF3}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{36404FAB-87B5-4BC0-B018-ABB57EA38D67}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3BE740F1-B45B-4F7C-8CD1-7A0A9111AADC}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{3EE24BD5-A7D5-4406-BDAC-9DF627B720DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F2B372C-59BC-44B1-ACD0-6129B46A2B7D}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{3F382305-C8F1-4F7F-83D3-BF0F87B18349}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{403041EE-5535-4A7B-802E-C006F9BB3950}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{41D779D7-DD57-4AFD-8207-6FD2AED509B1}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{41ED6387-995C-4A4D-8398-E8ED918D4406}" = rport=445 | protocol=6 | dir=out | app=system |
"{439D6BCF-9F45-4499-A034-CA59A673BA08}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{4CF2AE89-A2EF-41FE-8252-1C76FB511080}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4E480712-7EF3-455C-8408-545F70CC8683}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{71308B28-764F-4416-9BA4-4DFE111DE716}" = lport=53 | protocol=17 | dir=in | name=promo |
"{752B6415-55EE-48B4-AE68-B94E64C756DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7C24E274-F530-4022-BC72-58F72605D489}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{7F6EE04F-65A1-4561-9B2C-28616347CAC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80D0778B-9BE4-4854-B7A4-A2E46374259D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82934952-613E-4D43-8CBE-7BC50E18E107}" = lport=445 | protocol=6 | dir=in | app=system |
"{954F618D-B17B-44FF-9E1A-0210DBCC7297}" = rport=139 | protocol=6 | dir=out | app=system |
"{9855DD2D-3C0F-4D10-A4E5-5CCA16DD43B1}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{A3E3A866-9132-4F21-91EA-3DE3A132ADC1}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{AD4DA5EA-46A6-420D-B2D0-E37BB1E13780}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBC8CEAD-D7F0-4FB1-8394-3BF65C7D344E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BEA011FE-0E4A-4043-B200-7333310ED230}" = lport=137 | protocol=17 | dir=in | app=system |
"{C65497A7-0D57-4FCE-A5A5-50349E1E35DB}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{D1F635C5-E8E2-4C37-AA6A-E62A531353B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{D570E9D6-D60C-4298-80DF-7CDCD8FFAB35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC684A25-23C1-41B1-80E5-5A7982F689B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E103F5F1-4611-4A3D-BD29-5E408904E098}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{E318D8DE-6231-48B7-B137-B6A3FE33A59E}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{E7427FF2-255C-44CB-BC23-7D49DE3ED984}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E84199A3-8B8C-4424-B8E6-228C3C83B32D}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{EC3D0A61-2912-45CC-8286-A00633DF5F5B}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{EEAD4739-A713-439B-8DB9-2E1426A3431F}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{F545ED7C-AAA5-41DB-8688-06FBFA896BE5}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA5FA871-60F6-4792-B7E6-BAC0410FFFA4}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{FAECE740-5C53-4E0E-9DA6-FB4CA96C7C98}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB5489AE-9231-4020-A004-E2F9B9245D7C}" = lport=6881 | protocol=6 | dir=in | name=war thunder |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0252F0AF-E8BF-4DC6-8259-9BD1B42BCFE2}" = protocol=1 | dir=in | [email protected],-28543 |
"{063FC9AE-5917-4ACC-A1F4-E4517C789305}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"{06A852D5-3978-46CE-B865-A9989DDAFB1C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{088F03F1-BDB7-4645-A911-8CCA2D5D8460}" = protocol=17 | dir=in | app=c:\users\damjan\games\company of heroes\reliccoh.exe |
"{0FDE3604-DB6B-4CCA-8248-9A4A4582F5FC}" = protocol=17 | dir=in | app=c:\windows\temp\temp39.exe |
"{11561526-F9BC-4BA6-9E1C-D622F84319EF}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{19CD4B8D-2BCD-4FEB-8CD0-4A39680F6C70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B91DCA3-4BED-4C8B-9399-DE311CD135C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{26D868EF-E1B8-40E5-8F5A-2C36A1C51E98}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{29B0E080-7E1C-4197-B50C-87EBF40E855F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B50CEB8-76B3-4ADB-AD77-17102E168A34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{371396C8-F2DD-49F5-BB9F-CBE38C9FA2EE}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{3B301B4B-FA4A-4989-9FD4-DFA73C3547CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F515510-AB9B-4B48-9844-3C71F7E42FF7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4042E073-ACED-465D-A94C-C88857298380}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45882219-A27B-4348-A056-E9EA4E393D20}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{4A244410-3681-429E-BEB0-027E3C197F72}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{58CC0ED4-0AD7-45F2-BEB6-168BC577BE8C}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{5948C977-E77C-46F4-992A-D08C0541E986}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5DFCD137-EE1D-4A0E-A544-1541AFA14C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{6283EC81-E6E9-40EE-9B22-848EE3904D71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65A77D1D-F06D-4D14-85FB-A02E60EA033D}" = protocol=6 | dir=out | app=system |
"{6690ABE2-EBFE-41B4-80EF-C5B3E4043739}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{66C26C1A-8F91-4A0C-83EC-0B3FD8BA0736}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{68E5F5CC-8A1E-4054-B06D-9D97C7911967}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69C2824F-9EB2-4367-8C00-7584AC72DBBB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{6C97444E-915D-47C5-B454-0BC72234A7B2}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{6D16A92C-096E-423C-943F-7D81F4F553BD}" = protocol=6 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe |
"{70BF7EEB-C772-43CB-B557-E1DCA11FF4F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E18053A-D817-48CA-B11A-836961EAF88F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{802DEB2A-E4D8-4A55-99A9-E68F51948AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8A08BEBD-040B-43BE-A5CD-5251BCED45D0}" = protocol=6 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe |
"{8B2A6207-92FD-485A-A2B9-8E7C375C6C73}" = protocol=17 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe |
"{953C51E2-CF6E-4EA0-BD7E-8954907C5B1E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A47360C2-AFD0-4017-8074-A1B0CAA44BEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4C9AD46-81EE-4FDD-A02E-B2CEAE716133}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A9F65925-92FA-4FE0-A9AE-C73A9F9AEADC}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{B1F13AA8-D242-404D-BF9E-30A74137D43C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B4ADB5D6-65E5-4682-B9F2-FEF9CD5A8390}" = protocol=1 | dir=out | [email protected],-28544 |
"{B6F54A1E-EE09-4DA6-93C8-B416F019DF9B}" = protocol=58 | dir=in | app=system |
"{BA81DC89-DD77-46DD-93C7-FBECA67ABD79}" = protocol=58 | dir=out | [email protected],-503 |
"{C1D554AB-4DCA-4C3C-861C-7E6052196BF5}" = protocol=58 | dir=out | [email protected],-28546 |
"{C354D414-9242-46D9-826C-C1EBCA107E69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C467579C-B767-432D-ABDC-8211A7333EEE}" = protocol=58 | dir=in | [email protected],-28545 |
"{C4B05320-E4D0-42D7-A51F-E8BB3DA6152E}" = protocol=6 | dir=in | app=c:\windows\temp\temp39.exe |
"{C63DEC8F-B800-497F-9AB2-8F839912C3D0}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{C98631BA-C5C7-49E5-A3CA-13635A516A4B}" = protocol=17 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe |
"{C9D1D3CD-A888-46FC-973F-482C68D563A6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CAD12003-B857-4842-92B6-B29BB52464B0}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{CF995917-8A3E-4445-9A1B-BCF23075981F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D05895FD-23AE-4F88-9A25-16508C6D1AB1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D07F84B7-E439-4DBD-AD12-E2807CE4A20C}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"{D54F3F49-569D-4C45-8EEF-EEF55D0CCEC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D90BA2CC-D306-4731-8B95-E1B27A62FFD1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DF24B8F5-4D24-4B7D-BBC0-E5A0483B1B03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3175E51-B6DF-4BA6-8A65-5D128D3DB3A7}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{E3EF0A87-4A4F-47AB-8623-2958EFDE013D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6D75C65-3556-4064-9348-364FEBFA2202}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{EDBDF15B-FE12-4275-9484-7FCBF9E337F7}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{EE5E60BE-9FA6-4AF9-A54A-0DDABC2B010E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EF416BBF-4259-46B3-9249-55979B342665}" = protocol=6 | dir=in | app=c:\users\damjan\games\company of heroes\reliccoh.exe |
"{F2AAD619-8632-4ABA-B557-B4C0015B82A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F56ADE14-05D8-43FE-9CAB-E4AB9CC2A6D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F66704C9-5E3D-47CF-801E-918725A243C6}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{FDE0D59B-CEE4-4F91-ADF9-6607168675CC}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{FE00B6C5-26E9-460D-83DE-25E2CFE3D4EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{02590C0F-F169-4997-9D2B-045EBFED912A}C:\program files (x86)\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
"TCP Query User{0CC2B42D-80C7-41C1-8A18-61402E186D67}C:\users\damjan\games\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\users\damjan\games\company of heroes\bugreport\bugreport.exe |
"TCP Query User{415256FE-8BA6-4468-ACA3-713C7FD98787}C:\program files (x86)\paradox interactive\europa universalis iii\eu3game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\paradox interactive\europa universalis iii\eu3game.exe |
"TCP Query User{421773B7-7CE2-48EB-935A-7D442CD518A6}C:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe" = protocol=6 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe |
"TCP Query User{559AC32C-2667-4D8E-8CD0-890AE43E3854}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"TCP Query User{604CD075-48CB-44C0-8E09-FB11063333A8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{64322845-F2CD-4A2A-97E3-C0DBCC48B422}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe |
"TCP Query User{7F6F540E-5C33-43FF-8EAD-CEC646000EC9}C:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe" = protocol=6 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe |
"TCP Query User{8500E500-3D77-4B47-8E16-776F39EC4905}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{A0ABA62C-46F3-468E-B8E1-AD7296B424F2}C:\program files (x86)\mta san andreas 1.3\server\mta server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mta san andreas 1.3\server\mta server.exe |
"TCP Query User{C6FF6122-9EAB-4B83-8DA5-F0758B6FA00A}C:\users\damjan\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\damjan\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{DEE90CB2-B07E-4C9E-90EA-94A781E5D053}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{DFE94A45-77D7-4A84-937B-865C03D17EC4}C:\users\damjan\games\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\users\damjan\games\company of heroes\reliccoh.exe |
"TCP Query User{EABE963F-1F51-45F1-B9F7-D81A7F145C23}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{0EEE3322-AA5B-48FB-BB47-E77F82664C05}C:\program files (x86)\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
"UDP Query User{29231B05-7671-4652-B9BF-EC8EF9D62F7E}C:\program files (x86)\paradox interactive\europa universalis iii\eu3game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\paradox interactive\europa universalis iii\eu3game.exe |
"UDP Query User{29F5675E-45BE-4D12-A5DA-CE862638B6C8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{2AB30998-B218-44A4-9C6C-0D1CEE9A77EC}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{3C92B959-FB75-4AB6-9008-6E2EE00F3799}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe |
"UDP Query User{4012B7B1-BAB0-4956-B277-2B56ED35FBAD}C:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe" = protocol=17 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe |
"UDP Query User{440C925A-B4F1-4B0C-AC7C-271C82FE0B5D}C:\users\damjan\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\damjan\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{93A6AC96-8F53-4598-96B4-8A46CB43662E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{B035B03C-466E-4DAB-9EDD-EC7181140FD1}C:\users\damjan\games\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\users\damjan\games\company of heroes\bugreport\bugreport.exe |
"UDP Query User{BF1F35B7-40C5-4FEF-A4B1-4F2EEC636250}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"UDP Query User{C1079986-1DCF-4E91-8763-F2AA56301904}C:\program files (x86)\mta san andreas 1.3\server\mta server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mta san andreas 1.3\server\mta server.exe |
"UDP Query User{DBDFA4DE-DEEF-4903-AC0D-1C6445B8ED94}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"UDP Query User{F1D6459A-47D0-478C-8404-511F788A309A}C:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe" = protocol=17 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{41253317-0BF1-8A3C-2CED-0C7D8037E97E}" = AMD Fuel
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{852B1308-4E5A-B54D-637D-F710D92C6930}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DE7BAEF8-C639-381A-D835-95BD517ED602}" = AMD Media Foundation Decoders
"{E88AD18B-D467-F11F-C431-99DE36FCACC7}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F972FD73-47FC-55F7-5EF1-8CA5311FF96E}" = AMD Drag and Drop Transcoding
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"HP Color LaserJet 1600" = HP Color LaserJet 1600
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SaveAs" = SaveAs
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0815DBB1-B3A7-4C43-8F3A-48CBADEBB86C}" = CoH Cheat Mod v2.301
"{11210BD7-A8EF-79EE-D18F-021D1E04A689}" = CCC Help Dutch
"{118AD615-8BCF-11D6-1700-B6763A0EA713}" = CCC Help Polish
"{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15DEA4E9-E4AD-2A1A-4B59-89CA65D5075B}" = CCC Help Finnish
"{16726771-C380-4280-BAF9-1223B3838786}" = SaveAs
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1AFD9DDB-FB24-F8C4-E792-03901C50490D}" = CCC Help Swedish
"{1B0FF612-0E07-4AB2-DD95-EB7651AEB3A1}" = CCC Help Italian
"{1DDBB040-3BEB-4057-90BB-B38B5E081D1B}" = MorphVOX Pro
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1" = World of Tanks - Common Test
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{2032DA39-C844-43AE-B638-6A4F7496686E}" = Furry Voices for Second Life
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25D080C2-19A4-427D-A12A-979D674B57F8}}_is1" = Hearts of Iron III - Their Finest Hour version 4.02
"{263050F0-65B8-4288-9B70-90FAA1B8A1E7}" = DayZ Commander
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2CC32E0E-9A10-4BCC-94F0-614F85375F59}" = Male Voice Pack
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{376A622B-F0FA-DDAB-9635-05D9F3F634D6}" = CCC Help Norwegian
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{48BA11B4-3E38-FA74-2D5A-003475844AA3}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B886E97-AF5B-46F0-9F48-6BE03149D972}" = Personality Voices
"{4DD75A56-D9DA-DD49-3507-470C7CA7B43F}" = CCC Help Chinese Standard
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4ED7341F-1942-4623-A27C-9C4F3838172F}" = IObit Apps Toolbar v7.0
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{526C9B71-B635-4364-BEDC-809D3F4F5B07}_is1" = CoH Invasion Map Pack
"{573F9269-A022-4C6F-97BD-CF1316A76369}" = Creatures of Darkness
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5C84078D-CB3B-47B1-AB51-A333D137F9DB}" = HOI3Editor
"{5DB24244-5ABE-A87B-5FB1-95CF09F801A8}" = CCC Help German
"{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}" = Fantasy Voice Pack
"{61D73C02-EF3F-45D2-7F01-DCC4B1B39CC3}" = CCC Help Korean
"{62DC2D57-7AB8-4181-994B-C62D55FCE6F4}" = Sci-Fi 2 Sound Pack
"{636E94DA-99C0-448F-A931-3DAD83B4975F}" = SharpKeys
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67CEC218-B250-4B4C-B23F-A597EC8DB153}" = Deep Space Voices
"{6DDC515D-1FE6-C5FC-E872-24D1B8B4C1A1}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72317981-CEA7-4D57-AB27-9FEE75AA9060}_is1" = CoH Desert Map Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7427941A-51A3-E2EB-BCD2-A1981DBCA4AD}" = Catalyst Control Center Graphics Previews Common
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A16F82-9F79-E47E-C6D4-206E7CC1D593}" = CCC Help Czech
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{8153BA0E-719E-3829-3B06-DC1412933BD6}" = CCC Help Japanese
"{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}" = Galactic Voices
"{8B531332-0D5D-4B3B-A22C-8330DEA695A7}" = LogMeIn Hamachi
"{8B7D9B66-1B53-D729-FD0C-ED38629FA407}" = CCC Help Greek
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{913C4C4F-9E3E-41A6-A614-1BDC1352A225}" = Special Effects Voices
"{91C78DA1-800F-4ACE-B6F6-206F7617D69E}" = Comic Sound Pack
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}" = Victoria 2
"{A4A550A8-4EEF-8577-1C15-E3C914FF4AD9}" = CCC Help Portuguese
"{A514E94F-C436-44C3-A1E9-1F58CD352669}" = Modern War Sounds
"{A866F37D-0E46-1812-3E3C-9778D4A458B2}" = AMD VISION Engine Control Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF7FFC8-20C4-CB57-4982-68EB410EBBC7}" = CCC Help Danish
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AD4B6B20-11CE-2C81-9615-2DCAABF15966}" = CCC Help French
"{B53415F5-4060-48DA-ABB8-00F768158F47}" = Fantasy Sound Pack
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9D0D8B4-928A-4BC8-8681-20DEB8633602}_is1" = CoH Vire Map Pack
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BC038C91-D3C6-4E43-8439-B65976FE7937}" = Sci-Fi Voice Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D16C611D-CA6F-402B-9EDA-9862CF4A701B}" = Sci-Fi Sound Pack
"{D1931310-EEF5-3B7A-0C57-01127888E4E4}" = CCC Help Turkish
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D947A225-8C23-4E52-866E-CF3967476BFC}" = Female Voice Pack
"{E00A5837-482C-4DCE-B4CC-D16B343374E1}" = Ancient Weapon Sounds
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{E7A94CD8-526B-FDD3-E16F-CB40A0747C70}" = CCC Help Chinese Traditional
"{E91BD0CF-EFA8-477C-8207-A026E70BBED9}" = CCC Help English
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECD4DCC1-C03F-8CC2-432B-317ECB9D6A09}" = Catalyst Control Center Localization All
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.178
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F290F841-044D-44EF-9E51-FFFEA7FEE2D7}" = Farm Animal Sounds
"{F71EBF86-9A73-44C0-A674-55FA3E4A8428}" = Spooky Sounds
"{F9F07F00-FF55-7752-7FF8-F512AF641BA9}" = CCC Help Thai
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FFE0A7EE-0627-307D-F102-519B5B367703}" = CCC Help Hungarian
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArnA 2: Combined Operations" = ArnA 2: Combined Operations
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"BinMake" = BinMake Uninstall
"BinPBO Personal Edition" = BinPBO Personal Edition Uninstall
"BI's Tools drive" = BI's Tools drive Uninstall
"BOSS" = BOSS
"Browser Defender_is1" = Browser Guard 4.0
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"Divine Wind_is1" = Divine Wind version 5.1
"Easy Driver Pro_is1" = Easy Driver Pro v8.03
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileASSASSIN" = FileASSASSIN
"For the Motherland_is1" = For the Motherland version 3.05
"FSM Editor Personal Edition" = FSM Editor Personal Edition Uninstall
"FXAA Post Process Injector" = FXAA Post Process Injector
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"Kingsoft Writer" = Kingsoft Writer (8.1.0.3030)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MDT" = Battlefield Mod Development Toolkit
"MTA:SA 1.3" = MTA:SA v1.3.1
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"Oxygen 2 Personal Edition" = Oxygen 2 Personal Edition Uninstall
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Semper Fi_is1" = Semper Fi 1.0
"Smart Defrag 2_is1" = Smart Defrag 2
"Sound Tools" = Sound Tools Uninstall
"SP_156f8a5f" = SaveAs 1.66
"SP_c22b9000" = Search Assistant JustBrowse 1.66
"TexView 2" = TexView 2 Uninstall
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"Visitor 3" = Visitor 3 Uninstall
"VLC media player" = VLC media player 2.0.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"SOE-C:/Program Files (x86)/PlanetSide" = gamelauncher-ps2-psg (x86)-PlanetSide
"SOE-C:/Users/Damjan/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"YourFileDownloader" = YourFileDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.3.2013. 8:05:12 | Computer Name = Damjan-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Damjan\Downloads\SoftonicDownloader_for_hamachi.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 30.3.2013. 10:54:48 | Computer Name = Damjan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 2487964541.exe, version: 6.2.66.106, time
stamp: 0x5156f54a Faulting module name: BtMmHook.dll, version: 6.3.0.4300, time
stamp: 0x4bacee6b Exception code: 0x40000015 Fault offset: 0x00011958 Faulting process
id: 0x1334 Faulting application start time: 0x01ce2d561d48625d Faulting application
path: C:\Users\Damjan\AppData\Local\Temp\2487964541.exe Faulting module path: C:\Program
Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll Report Id: c419ece8-9949-11e2-84c0-60eb69c1029c

Error - 31.3.2013. 4:32:36 | Computer Name = Damjan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ApplicationUpdater.exe, version: 7.0.0.1,
time stamp: 0x5128d820 Faulting module name: ole32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x00039342 Faulting
process id: 0x808 Faulting application start time: 0x01ce2d55f7fd976a Faulting application
path: C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe Faulting
module path: C:\Windows\syswow64\ole32.dll Report Id: 89a75942-99dd-11e2-84c0-60eb69c1029c

Error - 31.3.2013. 15:48:22 | Computer Name = Damjan-PC | Source = SaveAsUpdater | ID = 0
Description =

Error - 31.3.2013. 18:51:40 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 31.3.2013. 18:51:40 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14711

Error - 31.3.2013. 18:51:40 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14711

Error - 1.4.2013. 4:25:20 | Computer Name = Damjan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: atibtmon.exe, version: 2.0.0.0, time stamp:
0x4a04ab6c Faulting module name: atioglxx.dll_unloaded, version: 0.0.0.0, time stamp:
0x4a8a0dde Exception code: 0xc0000005 Fault offset: 0x02b40910 Faulting process id:
0x1b40 Faulting application start time: 0x01ce2e624855b1fb Faulting application path:
C:\Windows\system32\atibtmon.exe Faulting module path: atioglxx.dll Report Id: b0b3f1bc-9aa5-11e2-84c0-60eb69c1029c

Error - 1.4.2013. 7:04:07 | Computer Name = Damjan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: atibtmon.exe, version: 2.0.0.0, time stamp:
0x4a04ab6c Faulting module name: atioglxx.dll_unloaded, version: 0.0.0.0, time stamp:
0x4a8a0dde Exception code: 0xc0000005 Fault offset: 0x69830910 Faulting process id:
0x57c Faulting application start time: 0x01ce2ec888b41a38 Faulting application path:
C:\Windows\system32\atibtmon.exe Faulting module path: atioglxx.dll Report Id: df0e7f47-9abb-11e2-8bb0-ec55f90849df

Error - 1.4.2013. 7:05:16 | Computer Name = Damjan-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 1.4.2013. 7:23:41 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 1.4.2013. 7:24:11 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 1.4.2013. 7:24:41 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 1.4.2013. 7:25:11 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 1.4.2013. 7:25:41 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 1.4.2013. 7:26:11 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 1.4.2013. 7:26:41 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 1.4.2013. 7:27:11 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 1.4.2013. 7:27:41 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 1.4.2013. 7:28:11 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.


< End of report >
  • 0

#4
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello,

Please, follow these steps:

Step 1. Uninstalling programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. A new window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.

Programs to uninstall:

  • SaveAs 1.66
  • Search Assistant JustBrowse 1.66

Step 2. AdwCleaner scan.

  • Please download AdwCleaner from here to your Desktop.
  • Right click on the adwcleaner.exe file on your Desktop->Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 3. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes
    KILLALLPROCESSES
    
    :OTL
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...00000FF3A2A88E0
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...00000FF3A2A88E0
    IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
    CHR - homepage: http://www.delta-sea...00000FF3A2A88E0
    O2 - BHO: (SaveAs) - {A74D819A-0955-6615-AE8F-9C9031BCBD6D} - C:\ProgramData\SaveAs\50fb05e22320f.dll ()
    O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [SonyAgent] C:\Windows\temp\temp39.exe ()
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKCU..\Run: [Microsoft Windows Manager] C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe (Skype Technologies S.A.)
    [2013.03.30 16:13:12 | 000,000,000 | RHSD | C] -- C:\Users\Damjan\S-100-4902-8593-5693
    [2013.03.22 16:09:24 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Babylon
    [2013.03.22 16:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2013.03.22 16:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2013.04.01 13:04:37 | 000,000,000 | -H-- | M] () -- C:\Users\Damjan\AppData\Roaming\winsvcns.sys
    [2013.03.22 16:09:24 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Babylon
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FDE3604-DB6B-4CCA-8248-9A4A4582F5FC}"=-
    "{C4B05320-E4D0-42D7-A51F-E8BB3DA6152E}"=-
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 4. Change of the passwords.

I assume that the computer was infected with a PSW trojan: malware which steals your personal and confidential data, such as passwords. So, please, change all your passwords for:

  • IM-Messengers (Skype/ICQ/AOL/etc.)
  • Internet Banks
  • FTP-servers
  • Web-hosting
  • Social networks
  • Forums
  • E-mails
  • Other websites
  • etc.

So, please, don't forget to post in your next message:

  • AdwCleaner log
  • OTL log

  • 0
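As an added illustration (not part of the thread, and not OTL's or the helper's own logic), the following Python parses the O4 autorun lines from the fix script in the post above and flags entries by location and publisher. The four heuristics and the list of standard profile folders are assumptions chosen for this example.

```python
import re
from pathlib import PureWindowsPath

# O4 lines copied from the OTL fix script in the post above.
SAMPLE = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SonyAgent] C:\Windows\temp\temp39.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Microsoft Windows Manager] C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe (Skype Technologies S.A.)
"""

# "O4 - <hive>..\<key>: [<value name>] <target>"
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>.*?)\] (?P<rest>.*)$"
)
# "<path> (<company>)"; the greedy path keeps "(x86)" inside the path.
TARGET_RE = re.compile(r"^(?P<path>.*) \((?P<company>.*)\)$")

# Assumption for this example: folders normally found directly under a profile.
PROFILE_DIRS = {
    "appdata", "desktop", "documents", "downloads", "music",
    "pictures", "videos", "favorites", "links", "contacts",
}


def parse_o4(line):
    """Return a dict for an O4 autorun line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = {"hive": m["hive"], "key": m["key"], "name": m["name"],
             "path": None, "company": None}
    t = TARGET_RE.match(m["rest"])
    if t:  # no match means OTL reported "File not found"
        entry["path"], entry["company"] = t["path"], t["company"]
    return entry


def reasons(entry):
    """List the heuristics (assumed, illustrative) that an entry trips."""
    if entry["path"] is None:
        return ["orphaned: target file not found"]
    out = []
    parts = [p.lower() for p in PureWindowsPath(entry["path"]).parts]
    if "temp" in parts[:-1]:
        out.append("runs from a temp directory")
    if len(parts) >= 5 and parts[1] == "users" and parts[3] not in PROFILE_DIRS:
        out.append("non-standard folder directly under the user profile")
    if entry["company"] == "":
        out.append("no company name in version info")
    name = entry["name"].lower()
    if ("microsoft" in name or "windows" in name) \
            and "microsoft" not in entry["company"].lower():
        out.append("name claims Microsoft/Windows, publisher does not")
    return out


def triage(log_text):
    """Return the autorun entries that trip at least one heuristic."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            flagged.append({"name": entry["name"], "path": entry["path"],
                            "reasons": why})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(f"[{item['name']}] {item['path']}")
        for why in item["reasons"]:
            print(f"    - {why}")
```

The SearchSettings entry, which the fix script also removes, passes all four checks: path and publisher heuristics catch files dropped in odd locations but not unwanted software installed under Program Files.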

#5
CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Unfortunately, I lost the AdwCleaner log because I was rebooting the PC from OTL, and I can't remember what the log was called. But it did its job without any errors. But here's the OTL log:




All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A74D819A-0955-6615-AE8F-9C9031BCBD6D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A74D819A-0955-6615-AE8F-9C9031BCBD6D}\ not found.
File C:\ProgramData\SaveAs\50fb05e22320f.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ deleted successfully.
C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SonyAgent not found.
File C:\Windows\temp\temp39.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Manager not found.
File C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe not found.
C:\Users\Damjan\S-100-4902-8593-5693 folder moved successfully.
Folder C:\Users\Damjan\AppData\Roaming\Babylon\ not found.
Folder C:\ProgramData\Babylon\ not found.
Folder C:\ProgramData\Tarma Installer\ not found.
C:\Users\Damjan\AppData\Roaming\winsvcns.sys moved successfully.
Folder C:\Users\Damjan\AppData\Roaming\Babylon\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Damjan\S-100-4902-8593-5693\winmgr.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0FDE3604-DB6B-4CCA-8248-9A4A4582F5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FDE3604-DB6B-4CCA-8248-9A4A4582F5FC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C4B05320-E4D0-42D7-A51F-E8BB3DA6152E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B05320-E4D0-42D7-A51F-E8BB3DA6152E}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Damjan
->Temp folder emptied: 8733662277 bytes
->Temporary Internet Files folder emptied: 242167931 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 334192459 bytes
->Flash cache emptied: 1235 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Riccardo

User: sgr
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11703725 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8


OTL by OldTimer - Version 3.2.69.0 log created on 04032013_133849

Files\Folders moved on Reboot...
C:\Users\Damjan\AppData\Local\Temp\Rar$DIa0.699\Company Of Heroes - Opposing Fronts (2007).iso moved successfully.
C:\Users\Damjan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Damjan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
How is your computer running now?

"Unfortunately, I lost the AdwCleaner log because I was rebooting the PC from OTL, and I can't remember what the log was called."


See here:

C:\AdwCleaner[R1].txt

What about this step?

  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sorry, wrong OTL log.


Anyway: AdwCleaner


# AdwCleaner v2.011 - Logfile created 12/07/2012 at 21:45:04
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Damjan - DAMJAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Damjan\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Users\Damjan\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Damjan\AppData\Roaming\Babylon

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKU\S-1-5-21-1244192888-2074367317-640824109-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2780 octets] - [07/12/2012 21:45:04]

########## EOF - C:\AdwCleaner[S1].txt - [2840 octets] ##########




OTL


OTL logfile created on: 3.4.2013. 21:25:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damjan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

3.75 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 63.72% Memory free
7.49 Gb Paging File | 5.60 Gb Available in Paging File | 74.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.13 Gb Total Space | 112.92 Gb Free Space | 25.48% Space Free | Partition Type: NTFS
Drive D: | 488.28 Gb Total Space | 488.16 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 70.16 Mb Free Space | 70.16% Space Free | Partition Type: NTFS
Drive P: | 443.13 Gb Total Space | 112.92 Gb Free Space | 25.48% Space Free | Partition Type: NTFS

Computer Name: DAMJAN-PC | User Name: Damjan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.03 13:38:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Damjan\Downloads\OTL.exe
PRC - [2013.03.23 11:58:47 | 003,497,552 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013.03.22 00:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013.03.13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013.02.27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013.02.19 04:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013.02.19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.12.28 16:18:49 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 12:08:52 | 002,255,360 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.10.23 18:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.04.05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.23 11:58:49 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013.03.22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
MOD - [2013.03.22 00:50:32 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
MOD - [2013.03.22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013.03.22 00:49:41 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libglesv2.dll
MOD - [2013.03.22 00:49:40 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libegl.dll
MOD - [2013.03.22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2012.08.27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.09.28 16:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010.03.26 12:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.03.12 23:15:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.02.19 04:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013.02.19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.01.08 15:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.28 16:18:49 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 12:08:50 | 002,466,304 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.26 19:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.10.23 18:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.02.14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.02.08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.02.08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.02.08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.02.08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.02.08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.11.04 19:49:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.02 19:49:47 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.10.23 18:40:32 | 000,077,144 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.07.01 16:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.03.05 19:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.02 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.15 05:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.18 16:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.14 00:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.14 00:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.11.01 07:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 84 CF 50 DF F4 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{1BEABBA3-A6F0-4A23-8A64-BD7D9B678375}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012.12.07 21:51:18 | 000,000,000 | ---D | M]

[2013.03.22 16:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Damjan\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions
[2012.11.22 14:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - Extension: Better Battlelog (BBLog) = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\3.5.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0\

O1 HOSTS File: ([2012.12.09 23:08:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe (Probit Software)
O4 - HKCU..\Run: [mapdisk] C:\Users\Damjan\Documents\ArmAWork\mapdisk.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9846893D-56D2-4C86-BD86-9E07206BEA4F}: NameServer = 172.24.2.9,192.168.1.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7FEB547-ECC0-4937-9B7E-14E24CE0CBE0}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.03 13:38:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.01 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\AVG2013
[2013.04.01 17:43:16 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\TuneUp Software
[2013.04.01 17:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.04.01 17:42:11 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.04.01 17:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.04.01 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\MFAData
[2013.04.01 17:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.04.01 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\Avg2013
[2013.04.01 13:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.01 13:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2013.03.30 14:31:32 | 011,202,368 | ---- | C] (THQ Canada Inc.) -- C:\Users\Damjan\RelicCOH.exe
[2013.03.30 14:31:07 | 004,272,448 | ---- | C] (THQ Canada Inc.) -- C:\Users\Damjan\rs.dll
[2013.03.30 13:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2013.03.30 13:41:25 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.03.27 23:01:21 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Screaming Bee
[2013.03.27 22:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2013.03.27 22:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2013.03.27 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2013.03.22 20:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2013.03.22 16:25:21 | 000,000,000 | ---D | C] -- C:\WW2
[2013.03.22 16:08:55 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Mozilla
[2013.03.22 14:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
[2013.03.19 21:08:08 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\WarThunder
[2013.03.19 21:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013.03.19 21:07:44 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[2013.03.19 21:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\War Thunder
[2013.03.17 00:06:10 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\GameRanger
[2013.03.16 23:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2013.03.16 03:46:22 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\Threat Expert
[2013.03.13 15:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2013.03.10 16:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2013.03.09 16:57:55 | 000,000,000 | ---D | C] -- C:\Users\Damjan\Games

========== Files - Modified Within 30 Days ==========

[2013.04.03 21:20:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.03 21:20:08 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.03 21:20:06 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Damjan.job
[2013.04.03 21:20:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.03 19:16:01 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.04.03 13:50:36 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.03 13:50:36 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.03 13:47:42 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.03 13:47:42 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.03 13:47:42 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.03 13:41:16 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.03 13:41:16 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013.04.03 13:41:10 | 3018,510,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 22:07:12 | 000,000,211 | ---- | M] () -- C:\ProgramData\acer.zip
[2013.04.01 17:43:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.04.01 17:38:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.03.31 10:38:42 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2013.03.29 18:46:08 | 000,665,134 | ---- | M] () -- C:\Users\Damjan\2013-03-29_17.42.09.png
[2013.03.29 10:29:33 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2013.03.28 17:55:56 | 000,001,175 | ---- | M] () -- C:\Users\Damjan\Desktop\CoHLauncher.exe - Shortcut.lnk
[2013.03.28 16:29:50 | 000,701,103 | ---- | M] () -- C:\Users\Damjan\mod_sa_bartekdvd.v4.3.1.X.SA-MP.v0.3x.v7.exe
[2013.03.27 22:47:49 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2013.03.27 20:39:37 | 000,000,914 | ---- | M] () -- C:\Users\Damjan\Application Data\Microsoft\Internet Explorer\Quick Launch\Nexus Mod Manager.lnk
[2013.03.27 20:39:37 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.03.26 11:01:34 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013.03.23 14:22:19 | 000,228,268 | ---- | M] () -- C:\Users\Damjan\kraj-početak.jpg
[2013.03.23 14:22:10 | 000,234,790 | ---- | M] () -- C:\Users\Damjan\početak-kraj.jpg
[2013.03.23 14:22:04 | 000,261,394 | ---- | M] () -- C:\Users\Damjan\pun pogled.jpg
[2013.03.23 14:17:57 | 000,262,800 | ---- | M] () -- C:\Users\Damjan\evo sta jos radim, treba samo jos dodati 30 fencova (i više).jpg
[2013.03.23 12:14:11 | 000,002,648 | ---- | M] () -- C:\Users\Damjan\Desktop\Mount&Blade With Fire and Sword [by iMortaluz].lnk
[2013.03.23 12:14:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.23 12:13:46 | 000,040,519 | ---- | M] () -- C:\Users\Damjan\Desktop\ClrSheet_Emily.jpg
[2013.03.23 12:13:09 | 000,046,376 | ---- | M] () -- C:\Users\Damjan\Desktop\ClrSheet_Thomas.jpg
[2013.03.22 14:18:04 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks - Common Test.lnk
[2013.03.19 21:07:44 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\War Thunder.lnk
[2013.03.17 00:06:15 | 000,001,072 | ---- | M] () -- C:\Users\Damjan\Desktop\GameRanger.lnk
[2013.03.17 00:06:15 | 000,001,052 | ---- | M] () -- C:\Users\Damjan\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2013.03.16 23:49:50 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.03.16 00:39:57 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.16 00:39:56 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.06 19:29:55 | 030,237,645 | ---- | M] () -- C:\Users\Damjan\cache.rar

========== Files Created - No Company Name ==========

[2013.04.01 17:43:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.03.29 18:45:19 | 000,665,134 | ---- | C] () -- C:\Users\Damjan\2013-03-29_17.42.09.png
[2013.03.28 17:55:56 | 000,001,175 | ---- | C] () -- C:\Users\Damjan\Desktop\CoHLauncher.exe - Shortcut.lnk
[2013.03.28 16:29:08 | 000,701,103 | ---- | C] () -- C:\Users\Damjan\mod_sa_bartekdvd.v4.3.1.X.SA-MP.v0.3x.v7.exe
[2013.03.27 22:47:49 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\MorphVOX Pro.lnk
[2013.03.23 14:21:09 | 000,261,394 | ---- | C] () -- C:\Users\Damjan\pun pogled.jpg
[2013.03.23 14:21:09 | 000,234,790 | ---- | C] () -- C:\Users\Damjan\početak-kraj.jpg
[2013.03.23 14:21:09 | 000,228,268 | ---- | C] () -- C:\Users\Damjan\kraj-početak.jpg
[2013.03.23 14:17:33 | 000,262,800 | ---- | C] () -- C:\Users\Damjan\evo sta jos radim, treba samo jos dodati 30 fencova (i više).jpg
[2013.03.23 12:13:46 | 000,040,519 | ---- | C] () -- C:\Users\Damjan\Desktop\ClrSheet_Emily.jpg
[2013.03.23 12:13:09 | 000,046,376 | ---- | C] () -- C:\Users\Damjan\Desktop\ClrSheet_Thomas.jpg
[2013.03.22 14:18:04 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks - Common Test.lnk
[2013.03.19 21:07:44 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\War Thunder.lnk
[2013.03.17 00:06:15 | 000,001,072 | ---- | C] () -- C:\Users\Damjan\Desktop\GameRanger.lnk
[2013.03.17 00:06:15 | 000,001,058 | ---- | C] () -- C:\Users\Damjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2013.03.17 00:06:15 | 000,001,052 | ---- | C] () -- C:\Users\Damjan\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2013.03.16 23:49:50 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.03.16 00:39:57 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.16 00:39:56 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.06 19:25:56 | 030,237,645 | ---- | C] () -- C:\Users\Damjan\cache.rar
[2013.01.18 12:27:05 | 000,000,842 | ---- | C] () -- C:\Users\Damjan\AppData\Local\recently-used.xbel
[2013.01.05 19:03:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013.01.01 23:07:11 | 000,000,211 | ---- | C] () -- C:\ProgramData\acer.zip
[2012.12.27 01:10:00 | 028,205,253 | ---- | C] () -- C:\Users\Damjan\mp_Austria1401_12_10.eu3
[2012.12.25 17:23:20 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.25 17:23:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.07 21:50:56 | 000,769,144 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012.11.24 15:38:49 | 000,779,146 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.14 21:46:19 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.11.06 15:11:38 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.11.06 15:11:38 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.11.06 15:11:38 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.11.06 15:11:38 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.11.06 01:39:34 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
[2012.11.06 01:39:34 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
[2012.11.06 01:39:31 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2012.11.06 01:39:31 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2012.11.06 01:39:30 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012.11.06 01:39:30 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2012.11.04 18:35:13 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.04 15:24:30 | 000,007,597 | ---- | C] () -- C:\Users\Damjan\AppData\Local\Resmon.ResmonCfg
[2012.11.02 19:43:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.02 16:03:38 | 000,159,744 | ---- | C] () -- C:\Users\Damjan\AppData\Roaming\skype.dat
[2012.09.28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.19 21:56:49 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\.minecraft
[2012.11.06 20:28:44 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\AVG
[2013.04.01 17:44:03 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\AVG2013
[2013.03.22 20:32:03 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\DAEMON Tools Lite
[2012.11.04 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\DriverCure
[2013.03.17 00:06:14 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\GameRanger
[2012.11.21 04:32:40 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\GoforFiles
[2013.04.02 03:18:06 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\IObit
[2013.01.18 12:22:00 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Kingsoft
[2013.01.06 18:59:12 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Mount&Blade Warband
[2013.01.08 18:09:42 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.11.14 21:43:31 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\NBSoftSolutions
[2013.02.23 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Notepad++
[2012.11.04 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Opera
[2012.12.28 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Origin
[2012.11.04 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\ParetoLogic
[2013.04.02 03:17:19 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Screaming Bee
[2012.12.07 21:40:22 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\TestApp
[2013.04.01 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\TuneUp Software
[2013.02.22 18:40:46 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Tunngle
[2013.04.02 03:18:07 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\uTorrent
[2012.12.03 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\Damjan\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >


Extras


OTL Extras logfile created on: 3.4.2013. 21:25:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damjan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

3.75 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 63.72% Memory free
7.49 Gb Paging File | 5.60 Gb Available in Paging File | 74.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.13 Gb Total Space | 112.92 Gb Free Space | 25.48% Space Free | Partition Type: NTFS
Drive D: | 488.28 Gb Total Space | 488.16 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 70.16 Mb Free Space | 70.16% Space Free | Partition Type: NTFS
Drive P: | 443.13 Gb Total Space | 112.92 Gb Free Space | 25.48% Space Free | Partition Type: NTFS

Computer Name: DAMJAN-PC | User Name: Damjan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0308186C-BD1E-497B-89F3-49808982E963}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{152F1625-2926-4AEC-BA6C-86414FBC1BAF}" = rport=138 | protocol=17 | dir=out | app=system |
"{1C14D561-0468-4B76-8CA1-109600F2EBC8}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{2BEB06B0-0A9E-46C0-A79A-ED81359A7C39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C699605-720E-4DA5-B371-8D571EBD6AF3}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{36404FAB-87B5-4BC0-B018-ABB57EA38D67}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3BE740F1-B45B-4F7C-8CD1-7A0A9111AADC}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{3EE24BD5-A7D5-4406-BDAC-9DF627B720DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F2B372C-59BC-44B1-ACD0-6129B46A2B7D}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{3F382305-C8F1-4F7F-83D3-BF0F87B18349}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{403041EE-5535-4A7B-802E-C006F9BB3950}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{41D779D7-DD57-4AFD-8207-6FD2AED509B1}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{41ED6387-995C-4A4D-8398-E8ED918D4406}" = rport=445 | protocol=6 | dir=out | app=system |
"{439D6BCF-9F45-4499-A034-CA59A673BA08}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{4CF2AE89-A2EF-41FE-8252-1C76FB511080}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4E480712-7EF3-455C-8408-545F70CC8683}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{752B6415-55EE-48B4-AE68-B94E64C756DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7C24E274-F530-4022-BC72-58F72605D489}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{7F6EE04F-65A1-4561-9B2C-28616347CAC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80D0778B-9BE4-4854-B7A4-A2E46374259D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82934952-613E-4D43-8CBE-7BC50E18E107}" = lport=445 | protocol=6 | dir=in | app=system |
"{954F618D-B17B-44FF-9E1A-0210DBCC7297}" = rport=139 | protocol=6 | dir=out | app=system |
"{9855DD2D-3C0F-4D10-A4E5-5CCA16DD43B1}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{A3E3A866-9132-4F21-91EA-3DE3A132ADC1}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{AD4DA5EA-46A6-420D-B2D0-E37BB1E13780}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBC8CEAD-D7F0-4FB1-8394-3BF65C7D344E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BEA011FE-0E4A-4043-B200-7333310ED230}" = lport=137 | protocol=17 | dir=in | app=system |
"{C65497A7-0D57-4FCE-A5A5-50349E1E35DB}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{D1F635C5-E8E2-4C37-AA6A-E62A531353B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{D570E9D6-D60C-4298-80DF-7CDCD8FFAB35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC684A25-23C1-41B1-80E5-5A7982F689B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E103F5F1-4611-4A3D-BD29-5E408904E098}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{E318D8DE-6231-48B7-B137-B6A3FE33A59E}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{E7427FF2-255C-44CB-BC23-7D49DE3ED984}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E84199A3-8B8C-4424-B8E6-228C3C83B32D}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{EC3D0A61-2912-45CC-8286-A00633DF5F5B}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{EEAD4739-A713-439B-8DB9-2E1426A3431F}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{F545ED7C-AAA5-41DB-8688-06FBFA896BE5}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA5FA871-60F6-4792-B7E6-BAC0410FFFA4}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{FAECE740-5C53-4E0E-9DA6-FB4CA96C7C98}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB5489AE-9231-4020-A004-E2F9B9245D7C}" = lport=6881 | protocol=6 | dir=in | name=war thunder |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0252F0AF-E8BF-4DC6-8259-9BD1B42BCFE2}" = protocol=1 | dir=in | [email protected],-28543 |
"{063FC9AE-5917-4ACC-A1F4-E4517C789305}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"{06A852D5-3978-46CE-B865-A9989DDAFB1C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{11561526-F9BC-4BA6-9E1C-D622F84319EF}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{19CD4B8D-2BCD-4FEB-8CD0-4A39680F6C70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B91DCA3-4BED-4C8B-9399-DE311CD135C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{26D868EF-E1B8-40E5-8F5A-2C36A1C51E98}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{29B0E080-7E1C-4197-B50C-87EBF40E855F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B50CEB8-76B3-4ADB-AD77-17102E168A34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3038FFDB-450A-4C6E-94A7-1AD4C0182C45}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{371396C8-F2DD-49F5-BB9F-CBE38C9FA2EE}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{3B301B4B-FA4A-4989-9FD4-DFA73C3547CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3CF4B1E6-F736-4E17-AE3A-95977A0E1EF3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{3F515510-AB9B-4B48-9844-3C71F7E42FF7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4042E073-ACED-465D-A94C-C88857298380}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45882219-A27B-4348-A056-E9EA4E393D20}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{46FD4180-C270-475C-B5B9-0311B3364A64}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{49F351B9-6FDD-44A8-B1AC-3826943AF857}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{4A244410-3681-429E-BEB0-027E3C197F72}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{4D658D70-9B4F-420D-8AC9-AD6CD9DF8045}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{4F3EEF4D-D530-4D34-BC5B-EC826B24A5BB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{58CC0ED4-0AD7-45F2-BEB6-168BC577BE8C}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{5948C977-E77C-46F4-992A-D08C0541E986}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5DFCD137-EE1D-4A0E-A544-1541AFA14C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{6283EC81-E6E9-40EE-9B22-848EE3904D71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65A77D1D-F06D-4D14-85FB-A02E60EA033D}" = protocol=6 | dir=out | app=system |
"{6690ABE2-EBFE-41B4-80EF-C5B3E4043739}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{66C26C1A-8F91-4A0C-83EC-0B3FD8BA0736}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{68E5F5CC-8A1E-4054-B06D-9D97C7911967}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69C2824F-9EB2-4367-8C00-7584AC72DBBB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{6C97444E-915D-47C5-B454-0BC72234A7B2}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{6D16A92C-096E-423C-943F-7D81F4F553BD}" = protocol=6 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe |
"{6D711E96-944F-4766-8B84-02BC10256079}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{70BF7EEB-C772-43CB-B557-E1DCA11FF4F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{762828DA-63ED-44FA-AE8B-C5E2910DF1AD}" = protocol=58 | dir=in | app=system |
"{7E18053A-D817-48CA-B11A-836961EAF88F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{802DEB2A-E4D8-4A55-99A9-E68F51948AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8A08BEBD-040B-43BE-A5CD-5251BCED45D0}" = protocol=6 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe |
"{8B2A6207-92FD-485A-A2B9-8E7C375C6C73}" = protocol=17 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe |
"{953C51E2-CF6E-4EA0-BD7E-8954907C5B1E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A47360C2-AFD0-4017-8074-A1B0CAA44BEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4C9AD46-81EE-4FDD-A02E-B2CEAE716133}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A9F65925-92FA-4FE0-A9AE-C73A9F9AEADC}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{B1F13AA8-D242-404D-BF9E-30A74137D43C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B4ADB5D6-65E5-4682-B9F2-FEF9CD5A8390}" = protocol=1 | dir=out | [email protected],-28544 |
"{C1D554AB-4DCA-4C3C-861C-7E6052196BF5}" = protocol=58 | dir=out | [email protected],-28546 |
"{C354D414-9242-46D9-826C-C1EBCA107E69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C467579C-B767-432D-ABDC-8211A7333EEE}" = protocol=58 | dir=in | [email protected],-28545 |
"{C591ADEA-E549-49CE-A374-CCBE464F8E0F}" = protocol=58 | dir=out | [email protected],-503 |
"{C63DEC8F-B800-497F-9AB2-8F839912C3D0}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{C98631BA-C5C7-49E5-A3CA-13635A516A4B}" = protocol=17 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe |
"{C9C5B8FA-1C99-41F8-8054-9F430C3BAAB7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{C9D1D3CD-A888-46FC-973F-482C68D563A6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CAD12003-B857-4842-92B6-B29BB52464B0}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{CF995917-8A3E-4445-9A1B-BCF23075981F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D05895FD-23AE-4F88-9A25-16508C6D1AB1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D07F84B7-E439-4DBD-AD12-E2807CE4A20C}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"{D54F3F49-569D-4C45-8EEF-EEF55D0CCEC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D90BA2CC-D306-4731-8B95-E1B27A62FFD1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DF24B8F5-4D24-4B7D-BBC0-E5A0483B1B03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3175E51-B6DF-4BA6-8A65-5D128D3DB3A7}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{E3EF0A87-4A4F-47AB-8623-2958EFDE013D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6D75C65-3556-4064-9348-364FEBFA2202}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{EDBDF15B-FE12-4275-9484-7FCBF9E337F7}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{EE5E60BE-9FA6-4AF9-A54A-0DDABC2B010E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F2AAD619-8632-4ABA-B557-B4C0015B82A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F56ADE14-05D8-43FE-9CAB-E4AB9CC2A6D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F66704C9-5E3D-47CF-801E-918725A243C6}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{FDE0D59B-CEE4-4F91-ADF9-6607168675CC}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{FE00B6C5-26E9-460D-83DE-25E2CFE3D4EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{02590C0F-F169-4997-9D2B-045EBFED912A}C:\program files (x86)\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
"TCP Query User{0CC2B42D-80C7-41C1-8A18-61402E186D67}C:\users\damjan\games\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\users\damjan\games\company of heroes\bugreport\bugreport.exe |
"TCP Query User{415256FE-8BA6-4468-ACA3-713C7FD98787}C:\program files (x86)\paradox interactive\europa universalis iii\eu3game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\paradox interactive\europa universalis iii\eu3game.exe |
"TCP Query User{421773B7-7CE2-48EB-935A-7D442CD518A6}C:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe" = protocol=6 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe |
"TCP Query User{559AC32C-2667-4D8E-8CD0-890AE43E3854}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"TCP Query User{604CD075-48CB-44C0-8E09-FB11063333A8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{64322845-F2CD-4A2A-97E3-C0DBCC48B422}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe |
"TCP Query User{7F6F540E-5C33-43FF-8EAD-CEC646000EC9}C:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe" = protocol=6 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe |
"TCP Query User{8500E500-3D77-4B47-8E16-776F39EC4905}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{A0ABA62C-46F3-468E-B8E1-AD7296B424F2}C:\program files (x86)\mta san andreas 1.3\server\mta server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mta san andreas 1.3\server\mta server.exe |
"TCP Query User{C6FF6122-9EAB-4B83-8DA5-F0758B6FA00A}C:\users\damjan\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\damjan\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{DEE90CB2-B07E-4C9E-90EA-94A781E5D053}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{DFE94A45-77D7-4A84-937B-865C03D17EC4}C:\users\damjan\games\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\users\damjan\games\company of heroes\reliccoh.exe |
"TCP Query User{EABE963F-1F51-45F1-B9F7-D81A7F145C23}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{0EEE3322-AA5B-48FB-BB47-E77F82664C05}C:\program files (x86)\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
"UDP Query User{29231B05-7671-4652-B9BF-EC8EF9D62F7E}C:\program files (x86)\paradox interactive\europa universalis iii\eu3game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\paradox interactive\europa universalis iii\eu3game.exe |
"UDP Query User{29F5675E-45BE-4D12-A5DA-CE862638B6C8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{2AB30998-B218-44A4-9C6C-0D1CEE9A77EC}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{3C92B959-FB75-4AB6-9008-6E2EE00F3799}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe |
"UDP Query User{4012B7B1-BAB0-4956-B277-2B56ED35FBAD}C:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe" = protocol=17 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\napoleonic wars by imortaluz\mb_warband.exe |
"UDP Query User{440C925A-B4F1-4B0C-AC7C-271C82FE0B5D}C:\users\damjan\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\damjan\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{93A6AC96-8F53-4598-96B4-8A46CB43662E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{B035B03C-466E-4DAB-9EDD-EC7181140FD1}C:\users\damjan\games\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\users\damjan\games\company of heroes\bugreport\bugreport.exe |
"UDP Query User{BF1F35B7-40C5-4FEF-A4B1-4F2EEC636250}C:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta san andreas\gta_sa.exe |
"UDP Query User{C1079986-1DCF-4E91-8763-F2AA56301904}C:\program files (x86)\mta san andreas 1.3\server\mta server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mta san andreas 1.3\server\mta server.exe |
"UDP Query User{DBDFA4DE-DEEF-4903-AC0D-1C6445B8ED94}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"UDP Query User{F1D6459A-47D0-478C-8404-511F788A309A}C:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe" = protocol=17 | dir=in | app=c:\users\damjan\downloads\mount&blade complete collection\with fire and sword by imortaluz\mb_wfas.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{41253317-0BF1-8A3C-2CED-0C7D8037E97E}" = AMD Fuel
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45ABEF88-3864-41F5-8189-BB80F2C5A75C}" = AVG 2013
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{852B1308-4E5A-B54D-637D-F710D92C6930}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DE7BAEF8-C639-381A-D835-95BD517ED602}" = AMD Media Foundation Decoders
"{E88AD18B-D467-F11F-C431-99DE36FCACC7}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F972FD73-47FC-55F7-5EF1-8CA5311FF96E}" = AMD Drag and Drop Transcoding
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2013
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"HP Color LaserJet 1600" = HP Color LaserJet 1600
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0815DBB1-B3A7-4C43-8F3A-48CBADEBB86C}" = CoH Cheat Mod v2.301
"{11210BD7-A8EF-79EE-D18F-021D1E04A689}" = CCC Help Dutch
"{118AD615-8BCF-11D6-1700-B6763A0EA713}" = CCC Help Polish
"{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15DEA4E9-E4AD-2A1A-4B59-89CA65D5075B}" = CCC Help Finnish
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1AFD9DDB-FB24-F8C4-E792-03901C50490D}" = CCC Help Swedish
"{1B0FF612-0E07-4AB2-DD95-EB7651AEB3A1}" = CCC Help Italian
"{1DDBB040-3BEB-4057-90BB-B38B5E081D1B}" = MorphVOX Pro
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1" = World of Tanks - Common Test
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{2032DA39-C844-43AE-B638-6A4F7496686E}" = Furry Voices for Second Life
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25D080C2-19A4-427D-A12A-979D674B57F8}}_is1" = Hearts of Iron III - Their Finest Hour version 4.02
"{263050F0-65B8-4288-9B70-90FAA1B8A1E7}" = DayZ Commander
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2CC32E0E-9A10-4BCC-94F0-614F85375F59}" = Male Voice Pack
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{376A622B-F0FA-DDAB-9635-05D9F3F634D6}" = CCC Help Norwegian
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{48BA11B4-3E38-FA74-2D5A-003475844AA3}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B886E97-AF5B-46F0-9F48-6BE03149D972}" = Personality Voices
"{4DD75A56-D9DA-DD49-3507-470C7CA7B43F}" = CCC Help Chinese Standard
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4ED7341F-1942-4623-A27C-9C4F3838172F}" = IObit Apps Toolbar v7.0
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{526C9B71-B635-4364-BEDC-809D3F4F5B07}_is1" = CoH Invasion Map Pack
"{573F9269-A022-4C6F-97BD-CF1316A76369}" = Creatures of Darkness
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5C84078D-CB3B-47B1-AB51-A333D137F9DB}" = HOI3Editor
"{5DB24244-5ABE-A87B-5FB1-95CF09F801A8}" = CCC Help German
"{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}" = Fantasy Voice Pack
"{61D73C02-EF3F-45D2-7F01-DCC4B1B39CC3}" = CCC Help Korean
"{62DC2D57-7AB8-4181-994B-C62D55FCE6F4}" = Sci-Fi 2 Sound Pack
"{636E94DA-99C0-448F-A931-3DAD83B4975F}" = SharpKeys
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67CEC218-B250-4B4C-B23F-A597EC8DB153}" = Deep Space Voices
"{6DDC515D-1FE6-C5FC-E872-24D1B8B4C1A1}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72317981-CEA7-4D57-AB27-9FEE75AA9060}_is1" = CoH Desert Map Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7427941A-51A3-E2EB-BCD2-A1981DBCA4AD}" = Catalyst Control Center Graphics Previews Common
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A16F82-9F79-E47E-C6D4-206E7CC1D593}" = CCC Help Czech
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{8153BA0E-719E-3829-3B06-DC1412933BD6}" = CCC Help Japanese
"{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}" = Galactic Voices
"{8B531332-0D5D-4B3B-A22C-8330DEA695A7}" = LogMeIn Hamachi
"{8B7D9B66-1B53-D729-FD0C-ED38629FA407}" = CCC Help Greek
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{913C4C4F-9E3E-41A6-A614-1BDC1352A225}" = Special Effects Voices
"{91C78DA1-800F-4ACE-B6F6-206F7617D69E}" = Comic Sound Pack
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}" = Victoria 2
"{A4A550A8-4EEF-8577-1C15-E3C914FF4AD9}" = CCC Help Portuguese
"{A514E94F-C436-44C3-A1E9-1F58CD352669}" = Modern War Sounds
"{A866F37D-0E46-1812-3E3C-9778D4A458B2}" = AMD VISION Engine Control Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF7FFC8-20C4-CB57-4982-68EB410EBBC7}" = CCC Help Danish
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AD4B6B20-11CE-2C81-9615-2DCAABF15966}" = CCC Help French
"{B53415F5-4060-48DA-ABB8-00F768158F47}" = Fantasy Sound Pack
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9D0D8B4-928A-4BC8-8681-20DEB8633602}_is1" = CoH Vire Map Pack
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BC038C91-D3C6-4E43-8439-B65976FE7937}" = Sci-Fi Voice Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D16C611D-CA6F-402B-9EDA-9862CF4A701B}" = Sci-Fi Sound Pack
"{D1931310-EEF5-3B7A-0C57-01127888E4E4}" = CCC Help Turkish
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D947A225-8C23-4E52-866E-CF3967476BFC}" = Female Voice Pack
"{E00A5837-482C-4DCE-B4CC-D16B343374E1}" = Ancient Weapon Sounds
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{E7A94CD8-526B-FDD3-E16F-CB40A0747C70}" = CCC Help Chinese Traditional
"{E91BD0CF-EFA8-477C-8207-A026E70BBED9}" = CCC Help English
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECD4DCC1-C03F-8CC2-432B-317ECB9D6A09}" = Catalyst Control Center Localization All
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.178
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F290F841-044D-44EF-9E51-FFFEA7FEE2D7}" = Farm Animal Sounds
"{F71EBF86-9A73-44C0-A674-55FA3E4A8428}" = Spooky Sounds
"{F9F07F00-FF55-7752-7FF8-F512AF641BA9}" = CCC Help Thai
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FFE0A7EE-0627-307D-F102-519B5B367703}" = CCC Help Hungarian
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArnA 2: Combined Operations" = ArnA 2: Combined Operations
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"BinMake" = BinMake Uninstall
"BinPBO Personal Edition" = BinPBO Personal Edition Uninstall
"BI's Tools drive" = BI's Tools drive Uninstall
"BOSS" = BOSS
"Browser Defender_is1" = Browser Guard 4.0
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"Divine Wind_is1" = Divine Wind version 5.1
"Easy Driver Pro_is1" = Easy Driver Pro v8.03
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"For the Motherland_is1" = For the Motherland version 3.05
"FSM Editor Personal Edition" = FSM Editor Personal Edition Uninstall
"FXAA Post Process Injector" = FXAA Post Process Injector
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"Kingsoft Writer" = Kingsoft Writer (8.1.0.3030)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MDT" = Battlefield Mod Development Toolkit
"MTA:SA 1.3" = MTA:SA v1.3.1
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"Oxygen 2 Personal Edition" = Oxygen 2 Personal Edition Uninstall
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Semper Fi_is1" = Semper Fi 1.0
"Smart Defrag 2_is1" = Smart Defrag 2
"Sound Tools" = Sound Tools Uninstall
"TexView 2" = TexView 2 Uninstall
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"Visitor 3" = Visitor 3 Uninstall
"VLC media player" = VLC media player 2.0.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"SOE-C:/Program Files (x86)/PlanetSide" = gamelauncher-ps2-psg (x86)-PlanetSide
"SOE-C:/Users/Damjan/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3.4.2013. 7:43:09 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3.4.2013. 7:43:09 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004

Error - 3.4.2013. 7:43:09 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004

Error - 3.4.2013. 7:43:10 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3.4.2013. 7:43:10 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003

Error - 3.4.2013. 7:43:10 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

Error - 3.4.2013. 7:45:17 | Computer Name = Damjan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: atibtmon.exe, version: 2.0.0.0, time stamp:
0x4a04ab6c Faulting module name: atioglxx.dll_unloaded, version: 0.0.0.0, time stamp:
0x4a8a0dde Exception code: 0xc0000005 Fault offset: 0x69830910 Faulting process id:
0x140 Faulting application start time: 0x01ce3060b1885c58 Faulting application path:
C:\Windows\system32\atibtmon.exe Faulting module path: atioglxx.dll Report Id: f42428c0-9c53-11e2-976b-60eb69c1029c

Error - 3.4.2013. 8:20:32 | Computer Name = Damjan-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 26.0.1410.43 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17f0 Start
Time: 01ce30645b793657 Termination Time: 13 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report
Id: de217475-9c58-11e2-976b-60eb69c1029c

Error - 3.4.2013. 8:20:53 | Computer Name = Damjan-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 26.0.1410.43 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e80 Start
Time: 01ce3065a394cfb4 Termination Time: 13 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report
Id: eacbd6c7-9c58-11e2-976b-60eb69c1029c

Error - 3.4.2013. 10:29:25 | Computer Name = Damjan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: atibtmon.exe, version: 2.0.0.0, time stamp:
0x4a04ab6c Faulting module name: atioglxx.dll_unloaded, version: 0.0.0.0, time stamp:
0x4a8a0dde Exception code: 0xc0000005 Fault offset: 0x69830910 Faulting process id:
0x7568 Faulting application start time: 0x01ce30776d5a6070 Faulting application path:
C:\Windows\system32\atibtmon.exe Faulting module path: atioglxx.dll Report Id: e1e84aad-9c6a-11e2-976b-60eb69c1029c

[ System Events ]
Error - 3.4.2013. 8:05:29 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 3.4.2013. 8:05:59 | Computer Name = Damjan-PC | Source = Service Control Manager | ID = 7003
Description = The PC Tools Browser Defender Driver service depends the following
service: PCTCore. This service might not be installed.

Error - 3.4.2013. 8:27:17 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3.4.2013. 8:27:27 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3.4.2013. 8:28:08 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3.4.2013. 9:03:03 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3.4.2013. 10:27:56 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3.4.2013. 13:15:46 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3.4.2013. 13:59:45 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 3.4.2013. 15:20:04 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >



My computer is fine now, the malware, if it's still here, isn't doing anything. However, it can sometimes wait a little bit, about a day, until it makes me again explain to my 83 Skype contacts that I've sent them a virus -.-
  • 0

#8
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Please, follow these steps:

Step 1. AdwCleaner scan.

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 2. MBAM scan.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

So, please, don't forget to post in your next message:

  • AdwCleaner log
  • MBAM log
  • ESET Online Scanner log

  • 0

#9
CrazyShadowDami

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
# AdwCleaner v2.200 - Logfile created 04/04/2013 at 13:19:59
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Damjan - DAMJAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Damjan\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [659 octets] - [04/04/2013 13:20:00]
AdwCleaner[S1].txt - [2905 octets] - [07/12/2012 22:45:04]
AdwCleaner[S2].txt - [3761 octets] - [03/04/2013 13:31:39]

########## EOF - C:\AdwCleaner[R1].txt - [838 octets] ##########



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Damjan :: DAMJAN-PC [administrator]

4.4.2013. 13:21:10
mbam-log-2013-04-04 (13-21-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225802
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Damjan\AppData\Roaming\skype.dat (Trojan.Agent) -> Quarantined and deleted successfully.

(end)





ESET logfile doesn't exist? But it found 7 stuff and removed them all.
  • 0

#10
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
For ESET, try that:

C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • 0



#11
CrazyShadowDami

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Nope, not there.

Edited by CrazyShadowDami, 04 April 2013 - 12:23 PM.

  • 0

#12
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
What about these locations?

C:\Program Files\ESET\EsetOnlineScanner\log.txt
C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt

  • 0

#13
CrazyShadowDami

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Nope. I have an eset folder in program files (x86), but no logs there.
  • 0

#14
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay. So, how is your computer running now? Any problems yet?
  • 0

#15
CrazyShadowDami

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
No problems.
  • 0





