Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan Horse PSW.Banker6.BADV [Closed]


  • This topic is locked This topic is locked

#1
sappedsentry

sappedsentry

    New Member

  • Member
  • Pip
  • 4 posts
Hi everyone.

Just recently I downloaded a file and ran a scan on the file before opening it. AVG's scan detected Trojan Horse PSW.Banker6.BADV and was able to successfully quarantine it. However, I want to be sure that this isn't still on my computer because after doing some googling, apparently this trojan horse likes to steal financial information. Any tips on how to know if this baddie is still lurking around somewhere?

Thanks for your time!
  • 0

Advertisements


#2
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hello sappedsentry, welcome to GeeksToGo!

Let's see whether anything is hiding in the background:

OTL

Please download OTL (by OldTimer) from the link below and save it to your Desktop.

Download Mirror #1


  • Disable all anti-virus and anti-malware software to prevent them inhibiting OTL in any way. If you are unsure how to do this, see THIS.
  • Double-click OTL.exe to run it.
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, two logs, OTL.txt and Extras.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Tom
  • 0

#3
sappedsentry

sappedsentry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Tom, thanks for the prompt response!

Edited by sappedsentry, 01 September 2013 - 11:44 AM.

  • 0

#4
sappedsentry

sappedsentry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL.txt

OTL logfile created on: 9/1/2013 12:43:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wally\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 53.77% Memory free
16.00 Gb Paging File | 12.36 Gb Available in Paging File | 77.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.41 Gb Total Space | 357.94 Gb Free Space | 38.93% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.18 Gb Free Space | 18.16% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Wally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/01 12:18:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wally\Downloads\OTL.exe
PRC - [2013/08/28 16:47:18 | 001,811,880 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/08/28 16:47:18 | 000,563,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/08/14 21:54:34 | 002,314,416 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/08/14 21:54:34 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
PRC - [2013/08/14 21:54:34 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
PRC - [2013/07/29 10:21:18 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\java.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2013/02/02 21:05:46 | 001,718,920 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012/03/24 13:23:32 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/09 12:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2009/08/05 15:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 22:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/31 16:39:41 | 001,007,464 | ---- | M] () -- C:\Users\Wally\AppData\Local\Temp\com.nvidia\NVIDIA GPU_Reader\1.3.3\GPU_Reader.dll
MOD - [2013/08/28 16:47:20 | 001,120,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/08/24 12:49:53 | 000,410,576 | ---- | M] () -- C:\Users\Wally\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
MOD - [2013/08/24 12:49:52 | 013,594,064 | ---- | M] () -- C:\Users\Wally\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
MOD - [2013/08/24 12:49:51 | 004,053,456 | ---- | M] () -- C:\Users\Wally\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll
MOD - [2013/08/24 12:49:01 | 000,709,584 | ---- | M] () -- C:\Users\Wally\AppData\Local\Google\Chrome\Application\29.0.1547.62\libglesv2.dll
MOD - [2013/08/24 12:49:00 | 000,099,792 | ---- | M] () -- C:\Users\Wally\AppData\Local\Google\Chrome\Application\29.0.1547.62\libegl.dll
MOD - [2013/08/24 12:48:58 | 001,604,560 | ---- | M] () -- C:\Users\Wally\AppData\Local\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll
MOD - [2013/08/21 17:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/08/14 21:54:34 | 002,314,416 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/08/14 21:54:34 | 000,521,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
MOD - [2013/08/14 21:54:34 | 000,144,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
MOD - [2013/08/07 14:31:06 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/29 10:21:18 | 000,016,808 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/08/05 15:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/27 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/08/28 16:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/20 13:57:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 21:54:34 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/24 13:23:32 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/04 19:31:22 | 000,180,224 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2013/08/14 21:54:34 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/17 11:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/12/03 23:06:29 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/13 15:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/27 02:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/08/29 01:03:00 | 000,214,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0350Vid.sys -- (VF0350Vid)
DRV:64bit: - [2007/06/11 01:01:02 | 000,214,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0350Afx.sys -- (VF0350Afx)
DRV:64bit: - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0350Vfx.sys -- (VF0350Vfx)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/09/04 19:26:38 | 000,039,968 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0D017962-AB89-4641-A857-7CF93A09570A}
IE:64bit: - HKLM\..\SearchScopes\{0D017962-AB89-4641-A857-7CF93A09570A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{0E41A470-5078-4933-AF0A-AFDA115D4623}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{0D017962-AB89-4641-A857-7CF93A09570A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{0E41A470-5078-4933-AF0A-AFDA115D4623}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0D017962-AB89-4641-A857-7CF93A09570A}: "URL" = http://www.bing.com/...E10SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{0E41A470-5078-4933-AF0A-AFDA115D4623}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{38ff8076-6604-4047-b1ee-5d41c7bda255}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-09-29 11:02:59&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.17.3.36670
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.10
FF - prefs.js..keyword.URL: "https://isearch.avg....fr&d=2011-09-27 19:11:10&v=12.2.5.32&sap=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@netmarble.com/npGlbNMNetmarbleDownload: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMNetmarbleDownload.dll (CJInternet Inc.)
FF - HKLM\Software\MozillaPlugins\@netmarble.com/npGlbNMNPAPIUpdater: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMNPAPIUpdater.dll (Netmarble)
FF - HKLM\Software\MozillaPlugins\@netmarble.com/npGlbNMStarter: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMStarter.dll ( CJ Internet)
FF - HKLM\Software\MozillaPlugins\@netmarble.com/npGlbNMWebMessengerPlugin: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMWebMessengerPlugin.dll (Netmarble)
FF - HKLM\Software\MozillaPlugins\@netmarble.com/npNMSystemIDInfo: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npNMSystemIDInfo.dll ( CJ Internet)
FF - HKLM\Software\MozillaPlugins\@netmarble.com/npNMSystemInformer: C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npNMSystemInformer.dll ( CJ Internet)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wally\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wally\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wally\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 23:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/31 16:19:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/15 15:36:53 | 000,000,000 | ---D | M]

[2010/05/29 16:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wally\AppData\Roaming\mozilla\Extensions
[2009/11/30 19:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wally\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/29 16:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wally\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013/07/24 22:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wally\AppData\Roaming\mozilla\Firefox\Profiles\5j1awjen.default\extensions
[2009/12/02 22:34:59 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Wally\AppData\Roaming\mozilla\Firefox\Profiles\5j1awjen.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/02/15 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wally\AppData\Roaming\mozilla\Firefox\Profiles\5j1awjen.default\extensions\DivXWebPlayer@divx.com-trash
[2013/06/03 19:14:19 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\Wally\AppData\Roaming\mozilla\Firefox\Profiles\5j1awjen.default\extensions\toolbar@ask.com
[2009/12/02 22:35:16 | 000,004,554 | ---- | M] () -- C:\Users\Wally\AppData\Roaming\mozilla\firefox\profiles\5j1awjen.default\searchplugins\aim-search.xml
[2012/11/19 11:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/16 12:34:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/03/24 16:08:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/07/10 16:12:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/17 14:12:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/14 08:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 08:01:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/07/05 10:20:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/11/19 11:24:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2010/07/16 12:34:53 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2010/07/16 12:34:53 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2010/07/16 12:34:54 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2013/05/11 05:37:28 | 000,209,472 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/01/31 16:19:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/01/31 16:19:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/01/31 16:19:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/01/31 16:19:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/01/31 16:19:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/01/31 16:19:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/01/31 16:19:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2010/02/17 19:30:26 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2010/02/17 19:30:26 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2013/02/18 23:55:03 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/02/17 19:30:26 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2010/02/17 19:30:26 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2010/02/17 19:30:26 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2010/02/17 19:30:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2010/02/17 19:30:26 | 000,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wally\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wally\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wally\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wally\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: npGlbNMFFUpdaterPlugin (Enabled) = C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMNPAPIUpdater.dll
CHR - plugin: glbNMDownloader-plugin (Enabled) = C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMNetmarbleDownload.dll
CHR - plugin: npGlbNMStarter plugin (Enabled) = C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMStarter.dll
CHR - plugin: npGlbNMWebMessengerPlugin (Enabled) = C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npGlbNMWebMessengerPlugin.dll
CHR - plugin: npNMSystemIDInfo plugin (Enabled) = C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npNMSystemIDInfo.dll
CHR - plugin: npNMSystemInformer plugin (Enabled) = C:\NetmarbleGlobal\GlbNMNPAPIPlugins\npNMSystemInformer.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wally\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Wally\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: After the Deadline = C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0\
CHR - Extension: AVG Secure Search = C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Wally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\

O1 HOSTS File: ([2011/10/15 17:34:02 | 000,001,805 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Users\Wally\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: QQ - C:\Program Files (x86)\Tencent\QQIntl\Bin\AddEmotion.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: QQ - C:\Program Files (x86)\Tencent\QQIntl\Bin\AddEmotion.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73081B24-3EC4-44C7-9D4E-AEF1628B5A02}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a09641f1-e08a-11de-966d-90e6ba494ffc}\Shell - "" = AutoRun
O33 - MountPoints2\{a09641f1-e08a-11de-966d-90e6ba494ffc}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{a09641f1-e08a-11de-966d-90e6ba494ffc}\Shell\setup\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/21 17:03:13 | 000,000,000 | ---D | C] -- C:\Users\Wally\Desktop\bio pics
[2013/08/15 09:57:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/01 12:38:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 12:35:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226410047-2800721095-3950422651-1000UA.job
[2013/09/01 11:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/01 04:15:06 | 000,000,000 | ---- | M] () -- C:\Users\Wally\AppData\Local\prvlcl.dat
[2013/08/31 21:38:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/31 16:42:45 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/31 16:42:45 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/31 16:35:05 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226410047-2800721095-3950422651-1000Core.job
[2013/08/31 16:34:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/31 16:34:34 | 2146,881,535 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/28 20:07:07 | 000,883,771 | ---- | M] () -- C:\Users\Wally\Desktop\AP BIOLOGY PAK 1 HOMEWORK 13 form(3).pdf
[2013/08/28 19:48:38 | 000,002,370 | ---- | M] () -- C:\Users\Wally\Desktop\Google Chrome.lnk
[2013/08/23 19:44:29 | 000,043,867 | ---- | M] () -- C:\Users\Wally\Desktop\brick tamland.jpg
[2013/08/20 23:22:29 | 000,270,238 | ---- | M] () -- C:\Users\Wally\Desktop\schedule.jpg
[2013/08/15 10:02:52 | 000,753,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/15 10:02:52 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/15 10:02:52 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/14 21:54:34 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/08/13 19:30:45 | 000,010,712 | ---- | M] () -- C:\Users\Wally\Desktop\brick.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/28 19:16:12 | 000,883,771 | ---- | C] () -- C:\Users\Wally\Desktop\AP BIOLOGY PAK 1 HOMEWORK 13 form(3).pdf
[2013/08/23 19:44:29 | 000,043,867 | ---- | C] () -- C:\Users\Wally\Desktop\brick tamland.jpg
[2013/08/20 23:22:29 | 000,270,238 | ---- | C] () -- C:\Users\Wally\Desktop\schedule.jpg
[2013/08/13 19:30:44 | 000,010,712 | ---- | C] () -- C:\Users\Wally\Desktop\brick.jpg
[2012/12/19 15:27:11 | 000,000,132 | ---- | C] () -- C:\Users\Wally\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/25 15:36:26 | 000,027,520 | ---- | C] () -- C:\Users\Wally\AppData\Local\dt.dat
[2012/02/16 20:50:44 | 000,000,145 | ---- | C] () -- C:\Users\Wally\.appletviewer
[2011/09/25 23:04:26 | 000,007,598 | ---- | C] () -- C:\Users\Wally\AppData\Local\Resmon.ResmonCfg
[2011/07/18 16:01:23 | 001,101,135 | ---- | C] () -- C:\Users\Wally\minecraft.jar
[2011/01/19 16:42:35 | 000,006,656 | ---- | C] () -- C:\Users\Wally\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/23 15:27:25 | 000,028,717 | ---- | C] () -- C:\Users\Wally\yao.jpg
[2010/11/23 15:16:11 | 000,006,304 | ---- | C] () -- C:\Users\Wally\hand grenade.jpg
[2010/05/30 13:26:07 | 000,030,358 | ---- | C] () -- C:\Users\Wally\lulz.jpg
[2010/04/30 20:56:41 | 000,087,022 | ---- | C] () -- C:\Users\Wally\Untitled.jpg
[2010/04/11 10:30:53 | 000,019,172 | ---- | C] () -- C:\Users\Wally\AppData\Roaming\wklnhst.dat
[2010/02/02 21:23:21 | 000,000,000 | ---- | C] () -- C:\Users\Wally\AppData\Local\prvlcl.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >




Extras.txt


OTL Extras logfile created on: 9/1/2013 12:43:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wally\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 53.77% Memory free
16.00 Gb Paging File | 12.36 Gb Available in Paging File | 77.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.41 Gb Total Space | 357.94 Gb Free Space | 38.93% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.18 Gb Free Space | 18.16% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Wally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09178E67-F887-4A79-8948-BEA842816C3A}" = rport=138 | protocol=17 | dir=out | app=system |
"{0B2782AF-76BE-4D98-AAD4-F6C166B4F51A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18AE332C-87B2-4EAD-ABA1-3CA0BBBABA2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19FE5AB9-9FE3-4E9E-A4F5-19A5E094A3A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{1A5CD038-802F-439C-B911-25D2BB3435FD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CFA95D3-8CAD-4015-997D-45BD03E41CA0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{43F173E9-61B1-4C5B-AD33-9CEBA14A54DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{580D94EF-B597-4DFB-B981-E550CCE50023}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{652B5E3D-EB46-4872-B2CC-14E84F091D7E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{667B6973-B010-4C50-97EB-C3AB7A8AF538}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C9B8716-4F7A-4F0A-8E28-6DA58F49565C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72B4806E-B5B2-45E3-869D-7C22B3D4AE17}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BEAE2CF-78D5-4EDC-AACD-19124E0201AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BB32750-5746-4B23-9E16-9F48136C8412}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E8409AF-8BF1-4817-930C-3D24E50CB6BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE2FFE22-007E-4410-9DC9-AA9EC16C323F}" = rport=137 | protocol=17 | dir=out | app=system |
"{B63B07A6-1AE7-4AAF-B3C6-0E730C62E213}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BB61C224-95C1-4783-87EA-9BE0BDEC4436}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C4F4CA46-A806-4D69-8C25-351C4EABD162}" = rport=139 | protocol=6 | dir=out | app=system |
"{CC1B5AEB-8F85-478C-AB02-766EDF6B39BC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2520103-77A3-4029-8586-04E9F45A0E98}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBC1F0AB-2B46-45CD-9B30-E9AA2D7D6E05}" = lport=138 | protocol=17 | dir=in | app=system |
"{DD0CBE30-A0E6-455B-9405-25D1845BC7F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{DE97F806-38AC-4B99-AFE3-B078E3B3C248}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DEE1A993-BE9D-43FF-908A-79AB423B3387}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF4FBE2D-74DF-4A73-8050-82524B6E1796}" = lport=139 | protocol=6 | dir=in | app=system |
"{EEB784E5-329E-4606-BD67-388B34441574}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3B839ED-ACBF-433F-93E2-ED2F8D9CB81F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F439980B-EDAB-4D06-8505-24236426CE69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FBC762-6F99-445C-AF47-71CEEB8AA283}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{0397426E-3776-4811-B38E-B3E30FD7C028}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0430A820-FD80-4703-82CD-95078774BAAE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{056905D3-708C-45D2-8821-AE1CF9B2A674}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{07A76976-081E-4587-9AA4-1044501B5088}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\animefreeks\garrysmod\hl2.exe |
"{092D0FBA-9554-427D-AD97-B6D77BD0C1D3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{0AB42EB1-D1BC-407D-8C3D-FD8E8C3359D4}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{0B611EAC-F46E-48C8-9602-D3869523EE9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\animefreeks\garrysmod\hl2.exe |
"{0BC52F10-9518-40F0-B23E-C56851117063}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcher2.exe |
"{1065E445-B8A2-43A5-ABE3-A5EF265D0D11}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{10A0D6A1-E360-47E7-BDD4-EB47794F4F94}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{10CF7D0C-0240-4047-B8A5-70248EA03374}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\thrones.exe |
"{11193CD0-D31F-4F64-86E7-1C04B276FF78}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{12901EBF-7CCE-4BB8-B221-D5DCED5E95AF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{136753C7-45C4-449F-BC9D-B732E8C73D16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{14C91B12-0947-4C23-AB6F-B3546FB7F459}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{16658F25-675B-4EF7-9706-9FEA68D20B7E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{179BD73B-4837-4ED4-A112-76371F7B43EF}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{17FFE45B-88D9-4506-BA3D-12D51191C76A}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"{18336276-6FA5-46D9-8B33-35357A2789F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{1913BCCB-6B6E-48ED-8C5B-14EFE3FEC17C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{197D23BF-1A13-4107-9B85-1738716AA25A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatchery.exe |
"{19B0F4D0-E07E-4BFF-8FC0-4C99484A1857}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1AEF2205-C160-4117-A82D-17A915512967}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{1B1AD05C-33D8-4B37-B6BC-C993B8D92941}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1CE3A51A-E726-40DC-9251-BD209B5ABE2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2036608E-0E79-42BD-A0F9-C20CF555E539}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{208E48DD-4FBF-4560-A0F6-A07A3ABEB21A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{21418414-2152-49D1-A9BD-BAC98E75C0F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |
"{215E8F25-34F7-4BE5-ABC0-CA2DC1EB5A40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{21F5BB60-C9EC-48A7-8339-36AD4DF640E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{226F0673-A81B-4111-800A-887002AA87C5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{2384EBD7-6E70-4C4E-A6B0-A87D82B79327}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{2742E6C7-C597-4975-B908-580C7B8A5743}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{27C3C645-DB1B-4A46-9FAE-DBE370E75204}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2852313D-38F5-472C-A971-4696096B319D}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{29CF1046-4E4A-492E-BA5E-80DD3524A79A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{2B566A4F-3FD8-4FE8-B814-9C8580282AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{2CA634FB-2939-4457-AE08-971F4D7B8A86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2CF19F20-D88A-4800-B6B7-AF61D0F7DCE4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D200710-4BA2-44F2-831F-F16D3F0DF98F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{2E055480-3FD7-4EDB-8A46-8865DFF190C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcherx.exe |
"{30FBFC51-C99E-473B-89D3-066BA76132B0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{31DAE24D-E96E-4044-A0FB-084CD76971F7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{33388ABE-CC3A-4905-B7AD-D5CEA3292273}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{350EF82D-6515-4DEE-871F-08A7E0E764AA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{35B502CA-2A8E-4504-8AA2-AB2975335B3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{36925A45-A060-4C32-931B-DFC3D1209F74}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{36FFE8AB-2D9C-4F93-84F3-0ECD1A3EAB7E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{37C921E8-158D-4FAD-9AFE-0DC8E2FC3212}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{39687F92-ED98-4C19-BEA1-F1419A13A966}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A42A2B3-2800-469C-B3EE-975F6BB75A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"{3CE694A5-AAD4-4E33-9457-721473258F47}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3FC6CC51-DF2E-46CE-86BA-7F0AC43D74A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{40E2C214-96BD-42EB-BF74-DC5040214472}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{414B9F3D-D221-4C4C-A486-F65DD3466EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{4207C846-19F2-4611-83FE-F4D82070C003}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{457D18C5-DFA4-4E19-87D3-8B7EB4D63992}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{45C5956F-C31B-476C-A0FD-A40BD570ED61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{47001485-E75E-4897-B43C-3F719829045D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |
"{4A0F8EA5-2FE4-4FAC-85F8-68D9B801DBE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{4A2CE9D3-DBC3-42EB-8F79-4811A85D9DC4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{4B7A94CF-85D8-4993-8FE7-774EC6205B08}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4C0191D7-4F4D-4065-AF84-64E950675BD0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F3D7D52-4F5C-4F31-9245-4CC2ABDE830A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{50BBB276-52E9-4AC6-90D8-83F1804BD95F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"{516DFB67-80DF-4E2C-83E2-FE4B7F0D8218}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{52925AB8-3C31-4852-A03F-52B329DE7165}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{554F646F-E6BA-4ACB-B559-8FFC503D5FB9}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{55E54151-11C0-4BCD-98DA-050D8C347E04}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{569BB40D-C47F-44DB-919A-F56936B40819}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{592ED1E8-AF66-4E1B-84B3-695A66693FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\bf2142.exe |
"{5B4A9FE6-45C9-412B-8B10-EC075E9056CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{5C877320-04D9-4505-9123-C4109F052980}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{5CCE5447-6130-463C-8675-5055AAC39AFC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5D7DD5F5-5992-4655-A496-FC0C8DCA28E8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5EE17A24-0315-45E2-9D37-73BD97185C45}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{61B1D574-9527-40F0-8EB6-5666EEC2E1AA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{663C2398-0A40-4E49-B707-FA37BEEC26C5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{69862429-B59D-4AC5-A25A-24997FD9FAEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6A44247A-8573-45DE-9E48-8ECF448D80D3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{6BCED47B-AADD-47C8-9212-741775878F80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6CF766EB-BA9F-4227-8E19-A15435DD20F2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{6D4EFE81-A408-40A4-99F4-FF0E2BE34BB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{6E01DA08-AA5F-4890-B2C2-089EAE20A32E}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{6F1ABD01-68A4-4428-899E-9CB7DC9F3D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{6F465274-9FEB-4DCB-A3DD-94966CDAE79D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{6FEABC24-4EBD-451D-BBEF-9455108BC839}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{731D9CCE-59E5-4CE2-8C5C-D4088B024B54}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{73BEB83F-1096-4A84-8A3A-64A10ADFE2D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{744241C4-7CB5-4F15-9B58-5176AB281625}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{748F32D1-7A3F-4F28-8AD6-EEF03E6C239F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{75BB42A0-493E-463D-9CDB-819AD1EA6D81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{769BBC96-2472-42B2-AA5B-3577722AA910}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{79A0D41A-2B06-48AE-BE3E-F108D822B1E3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{79BA9231-2842-41AA-93DF-C5213C693F56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7B9ECE8E-F3DD-4412-ACBD-7FD205A6625A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\bf2142.exe |
"{7BAF06F2-82C3-4452-98FE-12DA5303C082}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{7C0DC463-FA57-41CF-8C0C-1AFC7CEE7654}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{7DF5A64F-BF68-4BC9-BCF5-245A65219ADF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcher.exe |
"{7F98F31F-DB67-48B5-942F-6575ABDEB01F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{8137EDA9-C046-42CC-B3F7-8331973FAE84}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{82197A8F-3918-4A1C-91CC-EAC748F7FB8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{855C4E6A-5241-4893-8E68-9BFF1F00BC4E}" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"{856AB77D-1C51-4893-8573-EEEE0B3090BA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{88360538-E924-4EEE-9512-0E25C223D332}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{898202F1-1C07-42B7-94BB-189AF4D3F7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{8B327EE5-10E7-4134-B75E-D999544272D1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8CE6F8EA-D26E-4D2A-B659-71A5F015DFB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{8F8303C0-B608-4788-84C1-C631578B6B40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{93462999-6B29-42F3-B908-6F6FCD3E7450}" = protocol=6 | dir=in | app=c:\users\wally\appdata\local\temp\blizzard installer bootstrap - 00f0af94\installer.exe |
"{95EB9628-3D76-4591-99B2-F49BA4D92B01}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{96A9ADCA-ECC7-49DE-B1F7-8FBDDDEBEECE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{98BE1C10-DA71-4206-96AA-0469F699089E}" = protocol=17 | dir=in | app=c:\users\wally\appdata\local\temp\blizzard installer bootstrap - 00f0af94\installer.exe |
"{99DCB7F1-40C6-4293-9343-1DF92C549BA9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9A0049FE-35D0-416D-BE53-BFEA40E92419}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{9C686B97-A3BC-4383-8C43-E6EB2D25D321}" = dir=out | app=%programfiles%\adobe\adobe after effects cs6\support files\afterfx.exe |
"{9C8831C6-24EF-4FAE-8327-17CF825D1A49}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9CEE23F8-7625-4BDE-A848-F9C58620F760}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{9E790665-FFAA-4C40-B56B-230578D5C5CA}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{9E8E7F5E-35DD-4625-A1CA-34AA2476E1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{9EF2B1FB-53B1-43ED-95CD-BC7512B7E78A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9F209097-8E4A-487A-B20E-DEDC07B4DD47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{A03677A4-B3D2-4245-982B-3E3C0B4EC2EB}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{A061D732-CAF8-4411-93BE-F4240A3713BA}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{A1C22F6E-A0CC-48D4-B673-D7BFD7EBC466}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A2B4882A-AA79-42C1-ADBC-9C7EA0009756}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A50255CB-3EAA-4E75-B401-23719295B6D4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\thrones.exe |
"{A55C089F-41EC-4232-AEBE-542EF40210BA}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{A5676C24-F49D-4500-989F-40D42A8FEF74}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{A59D0B74-C486-4D6A-8CAA-009119F068E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{A715FDEB-0BEA-46D2-8CE6-783C4AACAECB}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"{A7AA935F-F89C-496D-A780-3EB2C63BD175}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{A859EE97-05B2-4732-A90A-C3D87A0D2889}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{AB7E50E6-46D3-4C2F-A5B8-0BACD20DD03C}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{ABA6E1FE-A787-4BFC-943D-D6F90AA0740D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{AC4DE435-2C33-4D2B-8C9B-F92EB5CE6603}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{AC701127-62C6-46BB-91B9-27ACB5399631}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{ADB22993-9409-406E-BE75-2B951A4E078D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{ADCD0B1B-6E80-4A2F-BC8B-BE6F2DDCA0FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{AE7CA5FC-F23C-4593-B5EC-0B612C5BC716}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatchery.exe |
"{B0336007-6AAC-45BC-A7A0-245022529C45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{B5C96043-29E3-4056-B085-81575D6A94E6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{B8104F38-14DD-4563-9127-0982B3A890AD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BAD55A80-F7B6-4CF1-BCA6-63F4948A6C52}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC270A70-F7CE-4EC9-BDE9-F3D273C01227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\animefreeks\garrysmod\hl2.exe |
"{BCA45973-1A58-4ACB-BFD0-574C814B468C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BCC67EFC-6E84-48F8-B0B5-C50CBC11EA5C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BD1FF99F-18D4-462E-9F9C-8740C1ADBEC0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{BF428539-348E-48F7-A80F-BEB84CAF163C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{C0231062-F359-4F52-842A-B4956FC1B339}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{C056EBCA-40DE-4082-B5CB-9C1F6FF8796E}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{C0A47759-70AA-4483-BA8C-2A99B4349259}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C15FF451-F611-4B26-AF90-1CE8EE42E5A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{C1B12DC1-165D-4EAA-BF8E-154A1271ECCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\animefreeks\counter-strike source\hl2.exe |
"{C1B62CB2-B3CA-4B94-80C2-0DF9FDB6E009}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3639A33-3430-49B1-A9F7-A01147A56B5D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C3C13085-8FF0-43BD-AC5B-88D0384C3E6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\animefreeks\counter-strike source\hl2.exe |
"{C5026C47-2365-487E-80E8-D6C0E5F77313}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{C6489DEC-DCA8-4BAB-AFBA-2A7F5C4974B6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C64EC100-7B2C-4EC7-AFA1-15581F4F20C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C7CBA255-F7CC-4F81-A673-12E55AAF320D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\animefreeks\garrysmod\hl2.exe |
"{C8B9D3DC-27A2-42C9-88F6-81B8A4EBC68A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{C944B1B9-1A9F-4205-8B5F-DF32A6AD5872}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{CA5BF0AC-D060-4AB9-AFA4-43607656515C}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{CA82167D-A641-4D09-9A0B-E9BE3C7C492C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{CBD32EEE-0B8A-4928-8667-84A8A69DF32E}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{CC0356BB-2E90-479B-A5AB-E56DC742457E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"{CD7A9577-3D06-4BC4-81F9-433A4B51BDA9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{CEF0A986-8093-4CA1-BBF5-5FCB9AEA1278}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{CF2AAB87-89D3-4958-8BBE-1F863EAA03F8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF401841-0CB4-42BA-9A59-A99CF1C930CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{CF6219E5-6090-4ED6-8E42-77EE5AA89A09}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D4E9B108-6A72-4902-85E6-4596CA70174E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D4EC4832-45CC-4CDD-A79F-186DC5D4E287}" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"{D78D07AC-9C46-4E56-AB2A-AB978E81490A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcher.exe |
"{D82C7CB5-6527-48B5-BA9E-F6AF8D32B5A2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{D884E66C-60CC-41F3-94A2-E995A2DFB8EE}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{DA527262-5F5F-4AC5-B3AA-023A4798AB8C}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{DB7FA4E6-C8DA-417A-A444-B8262D131100}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{DCE9CFB9-91E0-463B-A068-6AEBB5F95A31}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{DE480A5C-3D0A-4E0B-A631-68D445390DC1}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"{E55E8187-7937-48DB-89A1-CDD3DFAD1F38}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E6347D4A-18B5-46FE-AF4A-9E8BA6D1990B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E8B5D8C8-EB43-46E3-8806-A11FEDBF2FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{E9533B32-8D8C-4451-86EF-0F9F559D8730}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{E95DE7B2-B7C2-46D5-B2B5-EF5C4F360F88}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EA34F3BE-5DBA-463A-9E63-0D609951917C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{EA565783-4427-4985-A060-FCD0B9195687}" = protocol=6 | dir=out | app=system |
"{EB3FDA41-3A83-4EC3-840D-19CD8CAAE991}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{EDE8F438-B2A5-4703-8916-1169D893F878}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{EDF37B8D-E6F7-4EA8-ABF2-C34685C40B8E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcher2.exe |
"{EE2CD1D1-3F76-44F0-B8ED-F0C324B97926}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{EE8CBEAD-8DF8-47BD-8623-950C74F5C56E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F0F90589-E270-453C-BB89-DBD0C487929D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F29B4847-212D-4494-96EB-3D586D7563C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F4D0994E-43D2-4F73-91FC-31D33FEF24FE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F936D348-7958-41AA-ABC9-C20ACCA1545E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FACD7FF0-2F2C-40F0-89A8-47FEACFB9A84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0239DF-E9D5-4A4A-98E8-93094925FC70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{FBDF7604-F7EF-4279-BD20-399B8C7E7E34}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcherx.exe |
"{FDA87C1A-8DC3-43B5-B5B3-07E841ABC80F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{FFD6A07F-A7CF-4977-87B9-81DBB4CB356C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"TCP Query User{0AC92EFD-0518-4CE6-9AA3-580599A3A955}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"TCP Query User{1185C2E5-7C33-4231-93E3-5AD9B5FC8657}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{2955B38B-F25A-4DD8-BCC6-459A46C625B7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{38B009A1-E21F-40A7-8D66-4601E2CDBE1A}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{3B0D3BF8-8352-48EE-B63C-1A50AA1EAC90}C:\users\wally\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\wally\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{3C3C18FD-36D3-401A-A5DF-B047A4EBFC77}C:\program files (x86)\steam\steamapps\animefreeks\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\animefreeks\team fortress 2\hl2.exe |
"TCP Query User{43CE4208-4307-4677-A27B-3A19B2082EE5}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{452523BE-857E-43A8-936B-9EFBCE08F3CB}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{58E1A4D5-D9AE-45FF-BC06-BD431E30AE08}C:\users\wally\downloads\championsonlinef2p.exe" = protocol=6 | dir=in | app=c:\users\wally\downloads\championsonlinef2p.exe |
"TCP Query User{6AE20B7C-7D57-4026-BBB0-968950088D44}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{706FEE9B-D75C-4ED6-B6A1-8C2FDBB86134}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{81AAE03D-F330-4859-B68A-FDE1FE1A2336}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2 -devmode.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2 -devmode.exe |
"TCP Query User{8E8848F1-DB5E-474B-81C4-53DCC767F9DC}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"TCP Query User{96BC1AD6-358D-4F32-99E9-D52557FC4FC2}C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe |
"TCP Query User{A0342E05-66D5-4941-BA1A-7506717E4FF6}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{ABF41CFE-D5FF-436A-8D31-CC871CE70109}C:\users\wally\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\wally\downloads\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{BF16E058-5716-4F59-AFC0-D93ACEB57575}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{D76E3ADB-BA0F-434F-B821-A1C9A23DB209}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{DC311EED-0568-48F3-AB3F-582FED63F038}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{F82E2E00-9B17-4F4E-AED2-BB229F0D582F}C:\program files (x86)\capsulegames\men of war - pc\mow.exe" = protocol=6 | dir=in | app=c:\program files (x86)\capsulegames\men of war - pc\mow.exe |
"TCP Query User{FEFD2889-DE26-4D41-BA4B-045F81E9B5F2}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{015C7F66-D2F3-4A35-834E-FD0DD3DD431F}C:\program files (x86)\capsulegames\men of war - pc\mow.exe" = protocol=17 | dir=in | app=c:\program files (x86)\capsulegames\men of war - pc\mow.exe |
"UDP Query User{03C313D8-9CE2-4887-92C2-60B120B28AC9}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{0AEC3B42-4536-48C5-8C02-B71C31A1941B}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{0D7CD551-E21B-4509-B6FE-A8D428428A6F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{0E53BA4B-59E8-4633-ADE0-1616B8F5FCF0}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{10843C3E-8D9E-4189-B59A-DAC5FD983A97}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{23CA985F-0C16-421B-8B43-1328FF1E29C8}C:\program files (x86)\steam\steamapps\animefreeks\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\animefreeks\team fortress 2\hl2.exe |
"UDP Query User{23DE567F-AE20-474A-B384-433EA143243B}C:\users\wally\downloads\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\wally\downloads\championsonlinef2p.exe |
"UDP Query User{25D5851D-313B-4BF7-A7E6-A88040922A35}C:\users\wally\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\wally\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{41EFFC22-BA3C-41B9-8AE4-D4B4EDC3431B}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"UDP Query User{6E117E5F-16B9-4EFC-96D4-19DC8DBFF58D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{923A01E4-E8C8-4688-AE48-DE264130DCA8}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"UDP Query User{9ABA3ED2-B661-4CF3-A3E8-8B5F30E3C53D}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{AB868F6B-6F29-40EE-BC14-A0EC209E1DDC}C:\users\wally\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\wally\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{B1927DF7-5B3E-4CB9-BACA-37E8C37E959F}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2 -devmode.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2 -devmode.exe |
"UDP Query User{B202D529-8900-4FB1-89A9-A22A501CC531}C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe |
"UDP Query User{CA8A0BF6-2628-4956-9C7A-DF79B046CF4B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{D73FA358-06D5-4DF9-9400-73549F5F4AC4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{DC6C07C1-6DD2-4530-A989-F4A4B8EB9402}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{E6163075-2146-4F23-9D88-765C77FCD653}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{FC02C6C5-DD98-420F-960C-B8546C8D104E}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}" = HP Deskjet 1050 J410 series Basic Device Software
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Creative VF0350" = Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0489621E-DE2A-11E0-93EA-F04DA23A5C58}" = DVD Architect Studio 5.0
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A013EA1-A1D3-11E0-8DCF-005056C00008}" = Sound Forge Audio Studio 10.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14E94112-5F6B-4049-B177-4C7E69D3C3A0}_is1" = Dragonica Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{160B3255-2B39-4E0A-90C5-711AE4CCDE0B}" = Netmarble NPAPI Plugin Updater Installer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{32A3A4F4-B792-11D6-A78A-00B0D0160310}" = Java™ SE Development Kit 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4297EC30-5413-11E1-981E-001676AB6D60}" = MSVCRT Redists
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81BBE880-5409-11E1-BF7F-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = ooVoo toolbar, powered by Ask.com
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32FA1FF-78EC-4FFB-B339-F6CEFCA1EFE5}" = ConceptDraw Office
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E08282EF-CFCD-420F-BEFD-E532114C9492}" = Loong
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced Video FX Engine" = Advanced Video FX Engine
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AIM_7" = AIM 7
"Anime Studio_is1" = Anime Studio 5.6
"Any Video Converter_is1" = Any Video Converter 3.2.5
"AviSynth" = AviSynth 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitComet" = BitComet 1.16
"Capsule" = Capsule
"Champions Online" = Champions Online
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Cisco Connect" = Cisco Connect
"DivX Setup.divx.com" = DivX Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"HP Remote Solution" = HP Remote Solution
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Intel AppUp(SM) center 13747" = Intel AppUp(SM) center
"JCreator LE_is1" = JCreator LE 5.00
"LimeWire" = LimeWire 5.5.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mount&Blade Warband" = Mount&Blade Warband
"Mount&Blade Warband: Napoleonic Wars" = Mount&Blade Warband: Napoleonic Wars
"Mount&Blade: Warband - Napoleonic Wars" = Mount&Blade: Warband - Napoleonic Wars
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Orcs Must Die!_is1" = Orcs Must Die!
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Sleeping Dogs_is1" = Sleeping Dogs version 1.4
"SpeedFan" = SpeedFan (remove only)
"Steam App 17410" = Mirror's Edge
"Steam App 240" = Counter-Strike: Source
"Steam App 3720" = Evil Genius
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 4700" = Medieval II: Total War
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Synthesia" = Synthesia (remove only)
"uTorrent" = µTorrent
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite" = Windows Live Essentials
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.5.4)
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ooVoo toolbar, powered by Ask.com Updater
"Google Chrome" = Google Chrome
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"SOE-C:/Users/Wally/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"soe-PlanetSide 2" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2013 10:59:57 PM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x51c11a30 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0003465a Faulting process id:
0x1b40 Faulting application start time: 0x01ce9edc89a1dfe0 Faulting application path:
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: ecee4460-0ad6-11e3-ae7b-90e6ba494ffc

Error - 8/27/2013 7:08:10 PM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x51c11a30 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0003465a Faulting process id:
0x1484 Faulting application start time: 0x01cea37a2f24af50 Faulting application path:
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 8a66fd00-0f6d-11e3-8584-90e6ba494ffc

Error - 8/27/2013 7:30:36 PM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x51c11a30 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0003465a Faulting process id:
0x11e4 Faulting application start time: 0x01cea37bb9e66c90 Faulting application path:
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: ac9e4470-0f70-11e3-8584-90e6ba494ffc

Error - 8/27/2013 11:04:30 PM | Computer Name = Computer | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.5.1.42 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1794 Start
Time: 01cea39ad8f51310 Termination Time: 24 Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report
Id:

Error - 8/31/2013 12:09:10 AM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x51c11a30 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0003465a Faulting process id:
0x10d8 Faulting application start time: 0x01cea5fe726ec7b0 Faulting application path:
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 160e0ec0-11f3-11e3-a312-90e6ba494ffc

Error - 8/31/2013 12:10:44 AM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x51c11a30 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0003465a Faulting process id:
0x1884 Faulting application start time: 0x01cea6000505ad40 Faulting application path:
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 4dd51470-11f3-11e3-a312-90e6ba494ffc

Error - 8/31/2013 5:29:41 PM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x51c11a30 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0003465a Faulting process id:
0x14b4 Faulting application start time: 0x01cea6911a18d1d0 Faulting application path:
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 71d7c520-1284-11e3-9292-90e6ba494ffc

Error - 8/31/2013 5:39:48 PM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application name: java.exe, version: 7.0.250.17, time stamp:
0x51c4b3fd Faulting module name: java.exe, version: 7.0.250.17, time stamp: 0x51c4b3fd
Exception
code: 0x40000015 Fault offset: 0x00013c4a Faulting process id: 0x137c Faulting application
start time: 0x01cea6929a4963a0 Faulting application path: C:\Program Files (x86)\Java\jre7\bin\java.exe
Faulting
module path: C:\Program Files (x86)\Java\jre7\bin\java.exe Report Id: dbd24df0-1285-11e3-b139-90e6ba494ffc

Error - 8/31/2013 5:46:43 PM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x51c11a30 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0003465a Faulting process id:
0x152c Faulting application start time: 0x01cea692e3fe1a40 Faulting application path:
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: d30d51f0-1286-11e3-b139-90e6ba494ffc

Error - 8/31/2013 6:18:43 PM | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x51c11a30 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0003465a Faulting process id:
0x1478 Faulting application start time: 0x01cea6961bc51890 Faulting application path:
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 4b270790-128b-11e3-b139-90e6ba494ffc

[ System Events ]
Error - 8/30/2013 3:41:20 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/30/2013 3:41:20 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 8/30/2013 11:32:22 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 8/30/2013 11:32:22 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 8/31/2013 2:03:08 AM | Computer Name = Computer | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/31/2013 11:56:11 AM | Computer Name = Computer | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/31/2013 11:56:11 AM | Computer Name = Computer | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 8/31/2013 5:33:33 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/31/2013 5:37:03 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/31/2013 5:37:03 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >
  • 0

#5
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sappedsentry,

Can you explain why you have Adobe activation servers in your HOSTS file?

O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

CKScanner

Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Tom
  • 0

#6
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Oops! Pressed Post instead of Use Full Editor. In addition to the above, can you please run MGADiag:

MGADiag

  • Download MGADiag (by Microsoft) from the link below:

    http://go.microsoft....k/?linkid=52012

  • Run the tool by double clicking on the file. Press Continue when prompted
  • When it has finished, press Copy then Paste (Ctrl+V) this into your next post

Tom
  • 0

#7
sappedsentry

sappedsentry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I think the Adobe host quandary came from my son playing around with the Adobe programs. I'll ask him about it.

Here's the CKScanner.txt

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\mount&blade warband\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\materials\sprites\store\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\materials\sprites\store\crackedbeam.vtf
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\materials\sprites\trails\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\common\counter-strike source\cstrike\download\materials\sprites\trails\crackedbeam.vtf
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrack.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackalphatest.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackalphatestlightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackalphatestlightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackalphatestpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackalphatesttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapalphatest.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapalphatestlightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapalphatestlightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapalphatestlightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapalphatestpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapalphatestpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapalphatestshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapalphatesttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmaplightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmaplightmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmaplightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmaplightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmaplightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackenvmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcracklightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcracklightmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcracklightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcracklightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcracklightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackalphatesttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapalphatest.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapalphatestlightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapalphatestlightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapalphatestlightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapalphatestpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapalphatestpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapalphatestshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapalphatesttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmaplightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmaplightmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmaplightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmaplightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmaplightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackenvmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncracklightmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncracklightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncracklightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetail.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatest.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatesttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailtitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackndetailncracktitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcrackshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetailcracktitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrack.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackalphatestlightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackalphatestlightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackalphatestpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackalphatesttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcracklightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcracklightmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcracklightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcracklightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackalphatesttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncracklightmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncracklightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncracklightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetail.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatest.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatesttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmap.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmappointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmappointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmapshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmaptitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailtitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackndetailncracktitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackpointlight.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackpointlighttitaninterior.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcrackshadow.cfx
c:\users\wally\documents\battlefield 2142\mods\bf2142\cache\{d7b71e3e-4562-11cf-d259-6e271ec2c535}_39_3\rashaderstmbasedetaildirtcracktitaninterior.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\wally\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4562-11cf-926d-69271fc2c535}_221900_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\wally\downloads\adobe after effects cs6 11.0.0.378 ls7 multilanguage [chingliu]\cracked dll\amtlib.dll
hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
scanner sequence 3.ZZ.11.PENAOZ
----- EOF -----




MGADIAG :

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {994C87B3-053B-4805-912B-0A02C1E01C8E}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130708-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Wally\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{994C87B3-053B-4805-912B-0A02C1E01C8E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-1226410047-2800721095-3950422651</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>NY621AA-ABA p6214y</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>5.22 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100415000000.000000+000</Date></BIOS><HWID>2BF73507018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800010-02-1033-7600.0000-2632009
Installation ID: 019960799856623546984541191535472626287683186115851480
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 3Q6C9
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 9/1/2013 3:57:47 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:26:2013 15:48
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LgAAAAIAAQABAAEAAQABAAAAAQABAAEAln3moIFr8i+qPu5F7naN7wRtkFtCGg==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
OEMB HPQOEM SLIC-CPC
INFO HPQOEM SLIC-CPC
NVHD HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
SSDT HPQOEM SLIC-CPC
  • 0

#8
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sappedsentry,

Thank you for the logs. As your Windows license is genuine and your son is responsible for the pirated software on your computer, we can continue :)

P2P Warning

P2P File sharing programs (uTorrent, Bittorrent, Vuze, Limewire, Kazaa etc.) need to be avoided to reduce the risk of infection. When visiting file sharing sites you usually get more than you intend to, these downloads are commonly laced with infections with varying effects - allowing remote access to your computer and stealing passwords being the most common.

Many underground websites, that host cracks or keygens, can be equally bad. Not only can the downloads be infected, but innocent looking banners can contain malicious flash code that installs malware on your system. These files are also illegal.

Should you continue to use these websites/software after my assistance then there is a very high chance you will get infected again - putting your files and passwords at stake, just ask yourself is it really worth the risk?


Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa


OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
    O4 - HKLM..\Run: [] File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O33 - MountPoints2\{a09641f1-e08a-11de-966d-90e6ba494ffc}\Shell - "" = AutoRun
    O33 - MountPoints2\{a09641f1-e08a-11de-966d-90e6ba494ffc}\Shell\AutoRun\command - "" = K:\Setup.exe
    O33 - MountPoints2\{a09641f1-e08a-11de-966d-90e6ba494ffc}\Shell\setup\command - "" = K:\setup.exe
    
    :Files
    c:\users\wally\downloads\adobe after effects cs6 11.0.0.378 ls7 multilanguage [chingliu]
    
    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
  • Click the Run Fix button.

Uninstall Software

  • Click on the Start Posted Image button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • Adobe Flash Player 10 Plugin
    • BitComet 1.16 (optional, but recommended)
    • LimeWire 5.5.9 (optional, but recommended)
    • µTorrent (optional, but recommended)
  • Once you have done this, reboot your computer

Then download the latest version of Adobe Flash from here: http://get2.adobe.com/flashplayer/

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

OTL

  • Run OTL by double-clicking on it.
  • Change the following options:

    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, two logs, OTL.txt and Extras.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Tom
  • 0

#9
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sappedsentry,

Is everything okay with the fix? I haven't heard from you in 3 days now and inactive threads are closed on the 72 hour mark - if you need more time then just let me know :)

Tom
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP