Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Stormfall Adware [Closed]


  • This topic is locked This topic is locked

#1
SupremePoser

SupremePoser

    New Member

  • Member
  • Pip
  • 1 posts

A little while ago i downloaded a program through a hosting website. Along with the program i believe adware was installed. Randomly as I use my computer my browser (google chrome) will popup with an ad to play the game stormfall. It is at most annoying but it would popup randomly as i am working on school work or just browsing the internet. Below are the scan results from OTL:

 

OTL logfile created on: 8/31/2014 10:05:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.20 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 55.67% Memory free
6.40 Gb Paging File | 3.92 Gb Available in Paging File | 61.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1522.14 Gb Free Space | 81.71% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/31 22:00:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2014/08/28 04:48:04 | 001,521,344 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014/08/28 04:48:02 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/08/28 04:48:00 | 001,939,136 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/08/08 16:41:27 | 001,178,168 | ---- | M] (Spotify Ltd) -- C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/08/06 20:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/08/06 02:34:34 | 013,246,272 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/08/06 02:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/08/06 02:21:00 | 000,229,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014/08/05 03:42:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/03/18 01:46:24 | 001,063,296 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/07/19 16:25:28 | 004,935,112 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
PRC - [2011/01/23 20:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2009/07/13 18:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/31 11:06:45 | 000,079,480 | ---- | M] () -- C:\jexepackres\JX90484\miniupnpc.dll
MOD - [2014/08/31 11:06:45 | 000,034,166 | ---- | M] () -- C:\jexepackres\JX90484\natpmp.dll
MOD - [2014/08/28 04:48:14 | 002,224,320 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/08/28 04:48:02 | 000,678,080 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/08/21 11:15:22 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014/08/21 11:15:22 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014/08/21 11:15:22 | 000,442,368 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014/08/21 11:15:22 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014/08/21 11:15:22 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014/08/20 15:38:18 | 034,589,376 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/08/20 15:38:12 | 000,774,656 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/08/06 20:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/06 20:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/06 20:20:49 | 000,718,152 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
MOD - [2014/08/06 20:20:47 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
MOD - [2014/08/06 20:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/07/19 16:25:28 | 004,935,112 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
MOD - [2011/01/23 20:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 01:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
MOD - [2009/02/20 01:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/05/04 15:40:36 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/05/04 12:36:42 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/14 15:45:36 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/08/28 04:48:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/08/06 02:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/08/05 03:42:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/07/08 15:16:55 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/28 13:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/06 01:31:36 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010/04/14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/31 21:57:44 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/06/07 02:37:16 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/10/23 07:11:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/10/16 19:27:10 | 000,143,016 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/09/06 15:26:58 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2013/09/06 15:26:58 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2013/04/30 10:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2013/04/30 10:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/04 13:31:02 | 010,831,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/05/04 11:37:12 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/15 22:42:00 | 000,676,968 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/01/13 13:05:56 | 000,056,448 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/12/12 13:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/12 13:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/25 20:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 20:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Alex\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/07/21 13:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2014/08/18 23:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\b1x1joyk.default\extensions
[2013/10/06 01:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/06 01:31:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: null
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Adblock Plus = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Adblock for Youtubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\2.17_0\
CHR - Extension: AdBlock = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: SmoothScroll = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj\1.3.1_0\
CHR - Extension: Google Wallet = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000..\Run: [Akamai NetSession Interface] C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000..\Run: [Spotify Web Helper] C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2766163382-2509794277-3812320332-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30242809-BA21-48C8-A7C3-8638F9F9FE88}: DhcpNameServer = 192.168.1.1 68.238.64.12
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4953b61c-e8f1-11e3-91bd-d43d7e974f9d}\Shell - "" = AutoRun
O33 - MountPoints2\{4953b61c-e8f1-11e3-91bd-d43d7e974f9d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{95209f09-d5e8-11e2-9854-d43d7e974f9d}\Shell - "" = AutoRun
O33 - MountPoints2\{95209f09-d5e8-11e2-9854-d43d7e974f9d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{fe37aa0f-d43b-11e2-a2a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe37aa0f-d43b-11e2-a2a3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\DVDSetup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/31 22:00:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2014/08/31 21:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/08/27 22:57:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\eclipse
[2014/08/26 14:48:19 | 000,000,000 | ---D | C] -- C:\Users\Alex\.swt
[2014/08/23 06:00:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Immortal_Creations
[2014/08/22 00:47:25 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\AQ Elite
[2014/08/21 23:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/19 19:53:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\New folder
[2014/08/18 23:27:57 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/18 23:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/18 23:27:49 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/08/18 23:27:49 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/08/18 23:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/08/17 21:17:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Apowersoft
[2014/08/17 21:17:19 | 000,000,000 | ---D | C] -- C:\Users\Alex\www.apowersoft.com
[2014/08/17 21:04:13 | 000,413,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MPG4c32.dll
[2014/08/17 21:04:13 | 000,239,888 | ---- | C] (Microcrap Corporation) -- C:\Windows\SysWow64\MPG4ds32.ax
[2014/08/17 20:47:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\ManyCam
[2014/08/17 20:46:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Sparta
[2014/08/17 20:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClearThink
[2014/08/17 20:46:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
[2014/08/17 20:46:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\StormFall
[2014/08/17 20:45:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\StormFall
[2014/08/17 20:42:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\TechSmith
[2014/08/17 20:41:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\TechSmith
[2014/08/17 20:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2014/08/17 03:58:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Attack On Titan
[2014/08/16 22:01:27 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Dofus-2
[2014/08/15 22:43:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\AnkamaCertificates
[2014/08/15 22:42:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Reg
[2014/08/15 22:42:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\app
[2014/08/15 22:42:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Dofus2
[2014/08/15 22:42:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Dofus
[2014/08/15 22:25:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Cubic
[2014/08/15 03:03:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Depression Quest
[2014/08/14 03:46:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dofus2
[2014/08/14 03:46:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Ankama
[2014/08/13 00:43:16 | 000,000,000 | ---D | C] -- C:\Crash
[2014/08/13 00:02:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\SCE
[2014/08/11 16:36:47 | 000,000,000 | ---D | C] -- C:\USM
[2014/08/09 22:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games
[2014/08/09 01:16:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\TeamViewer
[2014/08/09 00:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/08/05 03:42:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Chromium
[2014/08/05 02:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/08/03 03:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/08/02 22:09:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Unturned Hacks
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/31 22:00:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2014/08/31 21:57:44 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/08/31 21:52:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/31 21:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/31 21:04:38 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/31 21:04:38 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/31 11:04:30 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/31 11:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/31 11:04:24 | 2578,710,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/26 15:14:53 | 000,000,222 | ---- | M] () -- C:\Users\Alex\Desktop\Wakfu.url
[2014/08/26 11:25:49 | 000,000,008 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\DofusAppId0_2
[2014/08/26 10:23:40 | 000,000,113 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\D2Info0
[2014/08/26 09:31:11 | 000,000,008 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\DofusAppId0_1
[2014/08/25 23:36:32 | 000,000,222 | ---- | M] () -- C:\Users\Alex\Desktop\ORION Prelude.url
[2014/08/25 19:18:57 | 000,290,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/08/25 19:18:57 | 000,290,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/08/25 18:20:24 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/08/25 02:51:32 | 000,231,085 | ---- | M] () -- C:\Users\Alex\Desktop\dmv.jpg
[2014/08/25 02:46:39 | 306,668,624 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/23 06:33:01 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/23 06:08:54 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/18 23:27:51 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/18 15:51:49 | 010,829,760 | ---- | M] () -- C:\Users\Alex\Desktop\Happy Birthday Baby!!! I Love You!.mp4
[2014/08/17 20:46:01 | 000,002,466 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk
[2014/08/16 04:13:59 | 033,107,456 | ---- | M] () -- C:\Users\Alex\Desktop\KrabyMod.exe
[2014/08/15 22:21:58 | 000,000,222 | ---- | M] () -- C:\Users\Alex\Desktop\Cubic Castles.url
[2014/08/15 03:03:14 | 000,000,222 | ---- | M] () -- C:\Users\Alex\Desktop\Only If.url
[2014/08/15 03:02:25 | 000,000,222 | ---- | M] () -- C:\Users\Alex\Desktop\Depression Quest.url
[2014/08/14 03:46:43 | 000,001,154 | ---- | M] () -- C:\Users\Alex\Desktop\Dofus2.lnk
[2014/08/12 07:18:13 | 000,000,222 | ---- | M] () -- C:\Users\Alex\Desktop\PlanetSide 2.url
[2014/08/11 16:29:48 | 000,114,176 | ---- | M] () -- C:\Users\Alex\Desktop\Unturned Save Manager 2.0.exe
[2014/08/09 03:45:06 | 000,276,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/09 00:51:44 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/08/05 03:42:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/08/05 02:50:59 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2014/08/05 02:02:50 | 000,000,222 | ---- | M] () -- C:\Users\Alex\Desktop\Blacklight Retribution.url
[2014/08/02 04:57:44 | 000,000,222 | ---- | M] () -- C:\Users\Alex\Desktop\Happy Wars.url
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/31 21:57:44 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/08/26 15:14:53 | 000,000,222 | ---- | C] () -- C:\Users\Alex\Desktop\Wakfu.url
[2014/08/25 23:36:32 | 000,000,222 | ---- | C] () -- C:\Users\Alex\Desktop\ORION Prelude.url
[2014/08/25 02:51:32 | 000,231,085 | ---- | C] () -- C:\Users\Alex\Desktop\dmv.jpg
[2014/08/25 02:46:39 | 306,668,624 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/19 12:43:21 | 033,107,456 | ---- | C] () -- C:\Users\Alex\Desktop\KrabyMod.exe
[2014/08/18 15:51:43 | 010,829,760 | ---- | C] () -- C:\Users\Alex\Desktop\Happy Birthday Baby!!! I Love You!.mp4
[2014/08/17 20:46:02 | 000,002,466 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk
[2014/08/16 22:01:27 | 000,000,008 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\DofusAppId0_2
[2014/08/15 22:42:05 | 000,000,113 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\D2Info0
[2014/08/15 22:42:05 | 000,000,008 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\DofusAppId0_1
[2014/08/15 22:21:58 | 000,000,222 | ---- | C] () -- C:\Users\Alex\Desktop\Cubic Castles.url
[2014/08/15 03:03:14 | 000,000,222 | ---- | C] () -- C:\Users\Alex\Desktop\Only If.url
[2014/08/15 03:02:25 | 000,000,222 | ---- | C] () -- C:\Users\Alex\Desktop\Depression Quest.url
[2014/08/14 03:46:43 | 000,001,154 | ---- | C] () -- C:\Users\Alex\Desktop\Dofus2.lnk
[2014/08/12 07:18:12 | 000,000,222 | ---- | C] () -- C:\Users\Alex\Desktop\PlanetSide 2.url
[2014/08/11 16:29:47 | 000,114,176 | ---- | C] () -- C:\Users\Alex\Desktop\Unturned Save Manager 2.0.exe
[2014/08/09 00:51:44 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/08/09 00:51:44 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/08/05 02:57:25 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2014/08/05 02:02:50 | 000,000,222 | ---- | C] () -- C:\Users\Alex\Desktop\Blacklight Retribution.url
[2014/08/02 04:57:44 | 000,000,222 | ---- | C] () -- C:\Users\Alex\Desktop\Happy Wars.url
[2014/03/03 08:59:40 | 000,000,043 | ---- | C] () -- C:\Users\Alex\jagex_cl_runescape_LIVE.dat
[2013/08/27 20:49:59 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/06/23 19:35:45 | 000,757,660 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/13 21:41:32 | 000,000,045 | ---- | C] () -- C:\Users\Alex\jagex_cl_loginapplet_LIVE.dat
[2013/06/13 20:54:08 | 000,290,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/06/13 20:54:06 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/06/13 08:55:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/06/13 08:45:49 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/06/13 08:45:49 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/06/13 08:45:49 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/06/12 22:24:03 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2013/06/12 22:24:03 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2013/06/12 22:24:03 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2013/06/12 22:24:03 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2013/06/12 22:24:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2013/06/12 22:24:03 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2013/06/12 22:24:03 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2013/06/12 22:24:03 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2013/06/12 22:24:03 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2013/06/12 22:24:03 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2013/06/12 22:24:03 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2013/06/12 22:24:03 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2013/06/12 22:24:03 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2013/06/12 22:24:03 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2013/06/12 22:24:03 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2013/06/12 22:24:03 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2013/06/12 22:24:03 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2013/06/12 22:24:03 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2013/06/12 22:24:03 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2013/06/12 22:24:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2013/06/12 22:21:53 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2013/06/12 22:21:53 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/09/07 11:36:58 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/09/07 11:36:58 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/29 19:58:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft
[2014/08/15 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AnkamaCertificates
[2014/08/17 21:17:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Apowersoft
[2014/08/15 22:42:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\app
[2014/01/14 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Awesomium
[2014/01/21 22:29:50 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Battle.net
[2014/06/29 04:15:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\cubby
[2014/08/15 22:29:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Cubic
[2014/04/29 19:00:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Curse
[2014/03/05 08:59:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DiskAid
[2014/08/15 22:42:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dofus
[2014/08/16 22:01:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dofus-2
[2014/08/26 10:32:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dofus2
[2013/09/15 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Foxit Software
[2014/03/04 20:49:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\iFunbox_UserCache
[2014/06/17 15:28:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\java
[2013/06/12 21:58:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LolClient
[2014/08/17 21:03:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ManyCam
[2014/06/10 19:58:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2014/06/27 12:07:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin
[2013/12/22 23:59:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PowerISO
[2014/01/03 21:32:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\raidcall
[2014/01/26 13:13:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\rcru
[2014/08/15 22:42:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Reg
[2013/06/12 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Riot Games
[2014/03/07 16:55:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Rogue Legacy
[2014/06/10 18:12:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\skyz
[2014/08/17 22:24:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2014/08/17 20:46:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\StormFall
[2014/08/09 01:16:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TeamViewer
[2014/08/17 20:42:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TechSmith
[2013/12/04 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unity
[2014/08/23 06:11:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
< End of report >
 
 

OTL Extras logfile created on: 8/31/2014 10:05:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.20 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 55.67% Memory free
6.40 Gb Paging File | 3.92 Gb Available in Paging File | 61.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1522.14 Gb Free Space | 81.71% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2766163382-2509794277-3812320332-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A0AFF-6388-4CF3-ABB7-82115FEE4DDA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{01ACAE0E-3D35-419B-8393-8A90FF30CD45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0FEC5E08-0C8A-4FF2-969B-56FED7945167}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{193DA31B-C799-4FB7-AC0C-3B2FE46A70CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1FC6FE17-68EF-4E77-BB83-B0D4A8122442}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{20AD0C8A-B555-4901-A035-2AB6DFB87AAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{30EDB19F-8221-4AE6-AD0F-85435A2FD7F4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{36C4F610-CBAD-4CDC-BF62-1FED9D85FBDB}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{3CA8A4A2-E5AF-4406-BFC8-5B5FAF504718}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3DDA4C86-C3E6-48C8-A8EB-852285F9B6AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3EF9F9E1-82AE-44E0-BAC4-B6B1EAB8AC69}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4BD40F31-B809-472C-82D2-F25A55ED27BF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{740FC3BC-8B05-4CA7-A2D1-98A017485504}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7A8ADAEA-A366-4CE7-87EE-04E40FC20FDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{836A7F28-DEFA-48BB-88F3-BFD7E355C76C}" = rport=80 | protocol=6 | dir=out | app=c:\users\alex\appdata\local\warframe\downloaded\public\tools\launcher.exe | 
"{929A9D66-6AA4-410E-A8A1-5B0F7763321C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{981E44A8-AFDC-4345-8D6D-57EA60AD392B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{9E385988-360C-45A4-B39A-E834FAC49EA8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B15B6615-5A43-4181-8EC1-CDD1C64255D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B37FC43D-3272-4534-9F44-70DE8C0C1D25}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{CC55B21C-975B-411C-A8F4-F16C43FA0D7D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{CD45C1B0-AF2A-43A6-90B0-2DC04D92D615}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D07DBE01-469E-4CDC-A13D-0B9474E9C28B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D1AAA91B-8212-43F4-8CC3-0E8922E828DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D586DBD2-22EE-4A17-8EBA-035A29255F62}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\remotecrashsender.exe | 
"{E34033E6-5100-499F-9CB7-22CAD7D61CAE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E8D119A2-8D5A-4AE3-ACD0-B5ABD90755F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB777E86-18D0-49CF-9F5E-9948E20031BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F65D48E0-5457-40E9-ABB4-A7B3B4E5B3C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AE2CD1-32AC-45C0-A4B5-8DC49CDA3D11}" = protocol=6 | dir=in | app=c:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe | 
"{04BDA763-B156-446B-B157-A9D67EE402E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{060E8313-8CE8-499E-9A4F-2650853C25ED}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0676CEF2-6872-4F9E-89C8-8E34DE0C1C7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{06811DD9-CCA3-4999-8048-D3AFDC9B14D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{06B81FCB-0E64-49EC-A1CD-D70DBDC52D6A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0C02D913-25AA-4A5C-B3DA-C5CE073EE54C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{0DB86AD2-F2B3-4232-9701-7F268285208A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{0EA03534-B8A6-40A3-AEF4-04CA2C30B0B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{10B6A578-0F81-4D0C-B367-3B1C4BA7606F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe | 
"{12933778-99E7-41AE-B331-D6BF0D6E274E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{13F2CF4D-A91D-4FC3-9124-F1BDBBD110D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{14E23ED3-8BD3-4E69-849E-BA6E0BFF3203}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{15C3F523-4A5D-426D-9732-9F7269E4DCBA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{16D889EF-C852-4B00-99AE-7D690F61FB52}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1A8C9C17-B307-4FFB-9E32-7593C718B6AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1C11EB20-182C-4385-A8D0-64ECF4DEEDDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{1FC8DDFE-B5B8-4FF8-B58B-F152EA2A6542}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{2008D005-2CC6-457D-8EC5-A6D5BE1CC3D7}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\utorrent\utorrent.exe | 
"{20F97AA7-8393-4CA9-BA59-ED600129D12D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{227F77C5-F626-43F1-ABA2-E0D8BCB3C8E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{2296C0F9-8DAA-4836-B2B1-6D5C05B50092}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{23A6A728-90D4-44BD-A9E3-96AD45117402}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{246B182F-CDEB-48F1-AA09-237210B0245B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | 
"{25387637-06D9-41E0-81C3-05A99F17527A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{26A9F3BF-DF47-4A07-9B62-E75CDFB9090A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{28039D8D-3E03-44FA-88C9-3BD95DBF703D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{2869F1AC-392D-4F45-A0E9-24AC1D8236DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{287EC46E-3D95-49F8-9A75-DA39BAADC8F4}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe | 
"{28970539-D380-40A5-BEC8-EB5E11D04A90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A4A6459-3322-4553-ADA1-C491298762FF}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"{2C2E6719-BB02-4775-A7E3-73640B4715C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{2CA522E8-2992-45D9-AE77-24E1F638E21C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{2ED2CDD7-8A89-489E-9FFF-676C11610AAF}" = protocol=17 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{2F794311-52BF-4B6E-87D1-730C72D63E53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{2F7DE42A-CC7A-4607-887D-74575DBB4B5D}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe | 
"{30AC61F9-4E6F-44A2-B589-B07BA0315FD3}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{3329D00F-AF7D-40AB-AC63-4D51353A59C1}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"{33A97C93-88A2-4627-AA64-8A8828F166DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | 
"{3535AE76-F469-4473-AF2B-23B208A62C7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{3681B4CE-A019-4BD8-A706-BA2A7DB0C17E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{369A1A38-4D8A-48D1-AAF5-31C2C37AC42F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3788CD8C-E43B-4156-960F-AB0C6004DA13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{382DAD63-5D7A-431A-B702-F0CE9057C912}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3BAA3E49-1A72-422D-AF29-D047F3775FD6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{3BD507F5-20E9-4962-88CB-7754C5DBFB76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{3D7C69DE-353F-45CF-8410-242914FE1A36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{3E232060-5C0F-4677-AE1B-AD14772A5C98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\depressionquest\depressionquest.exe | 
"{3EA5D7CD-925A-4CE5-8CE0-334FD7B89B10}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{3F064AE9-30CD-4949-8C85-92FFCB2F7A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{3FF1F690-192D-4A78-85A5-3AAFD2029672}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{407A9679-082E-41C4-AC2A-B9EC275E3A94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{425C1A00-F518-4B73-900A-064E5B202778}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{432B294F-F49B-4E0E-A854-6617CB4BF91D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{43AB04D2-EFAE-477E-96BB-F3083CF59EF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{445F8565-4C0C-4D78-AD57-2551C1EC94AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{44A40F98-BAE5-47D0-AC8D-DA66A186145F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{44F8071F-BC17-4791-A9D8-B8134E169AB9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{45501D77-E2BD-460D-97FF-C51D11300EBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{466DD8C2-7150-4FB8-8EFA-39F914994990}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{467924C4-4196-4320-9427-A0038DCE7DDB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{46D3C3EC-E52F-4681-859A-168882170673}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{47391D57-A891-4D64-88F2-EA5B0E90C5AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4959CEDD-8FEF-4202-B04C-0BA4B9A3C519}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{4A00B475-0656-4026-8627-78D0AB887635}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{4AA6133A-9914-47B9-9C75-858F75DFDB34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{4B8ACD72-58F0-4E04-90A6-7D9BF1A44911}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe | 
"{4BF9C4AE-EB79-4F81-A593-B381A0EB50D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | 
"{4FCDD3D9-DFE5-4B9D-8C44-AFDD8893224A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{4FF3E3EC-8E3F-4E27-AEAC-9B528191A3A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{52F32576-7BC6-4890-A125-A0F48D7F5689}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | 
"{53729079-275F-4C6E-B192-35CF9AD6F13D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{551A1522-28BC-4C26-8DD4-E707796D54C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\sacred2.exe | 
"{56C08221-33AF-4FED-BD09-9177AF40EB8A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{59353EC5-2295-454C-9BCE-48FFEF8D8E13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{59FDB75D-2FBB-4B54-AC10-E6C56696E7C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{5C2EC648-5EFB-4946-A79D-3CE730BDF07E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{5CE0DABA-57D6-403F-8443-CD1E5F754575}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{5D2F36DB-90B4-483A-B4E2-AC4858FAD6FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\depressionquest\depressionquest.exe | 
"{5D414B79-D4A8-4C39-981A-4338B8456478}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{5E3A1CAB-A685-4809-B81F-3FB1D4AAE097}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F14AB76-45F8-47EC-86CA-EEF9A31A4FE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5F1DA6FD-E4AE-43A1-B33B-0B8EB877BFF1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60015E67-5A41-45F6-A1C2-DEF86EE4B003}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\elsword\essteam.exe | 
"{60ECDDA6-152E-4B89-BF02-DA7635DD5D63}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{614B24A1-3FB6-440A-8C0E-845D3112862A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6198777A-A7B2-4E1F-A22A-5B096DBFAE5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{65362925-7432-4BF2-A815-33CC9424BD02}" = protocol=6 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{65E26142-1399-4091-BC70-5119ED4CDF97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cubic castles\cubic.exe | 
"{65E3E5D7-DC8D-4477-A6A2-DF5C41C64C51}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\peggle deluxe\peggle.exe | 
"{66174615-65B0-47C0-8F77-999BB22A4051}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe | 
"{66ADB2F0-22B4-4B4D-8842-C8474236A45F}" = protocol=17 | dir=in | app=c:\program files (x86)\infinitecrisis\infinitecrisis.exe | 
"{676001E8-3A30-46D6-91D2-23F049F4B0F9}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{6843E0E3-A6BF-4C34-A09B-60E1B2D56026}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{68C5ACA3-DA31-43A4-B65A-F7048FE9F342}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wakfu\transition\transition.exe | 
"{6A4FC175-0201-41EF-B446-7C2AE0A6588C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{6B102862-3201-4294-9FA9-D7C19F2712C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe | 
"{6B129E76-F65C-4873-AD85-F737A1AA3CF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{6B72D4A0-7FCE-497C-AB11-5F502628E201}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6C2601F0-A1E0-4F15-806C-B6D18EEE667A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{6C4A7976-54D5-4150-8486-C4F9E8878669}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6C7E964C-86D4-47AC-8762-5F4447E86CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\elsword\data\x2.exe | 
"{6CC52401-E42E-4570-9E2A-7BCB3A33107C}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe | 
"{6D74EED9-FFAC-4905-9111-80F992E9E49D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{6DA5944A-354D-44F5-9ED0-A6846B6B4206}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{6DFB797D-8CA3-474F-BEC2-1C5E9A0BCB50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6E06AF64-84BE-4503-873E-DA77863E4864}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{6E24F110-F6A8-4AD3-9932-78D56086DB18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wakfu\transition\transition.exe | 
"{6F4B3B5F-F26E-4166-884F-C20F9AB4AE95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6FF4EA76-E440-43A6-9F0A-257EABA62A47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{71762E13-1C61-48A8-9BA7-22B072624F5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{7593AAEE-3F89-4C07-A849-F3E827FFDE5D}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{76FDE9B8-6E09-4038-A90E-6474CA3C615D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{77BFEE52-CD6A-49F0-B32B-E860F955F1AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{791D1BFA-7648-4E50-A74B-F86C72F182F5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{7A45FC36-66CD-4577-A595-16A4A937D67D}" = protocol=1 | dir=out | [email protected],-28544 | 
"{84019F2C-A94D-4653-8E10-B9E50E9945C7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{85D89585-40CD-44EE-A351-F7AF6DF2D11C}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\apps\2.0\9qolvwh9.1dc\3wyd8vdg.qnn\laun...app_59711684aa47878d_0001.0022_51cb52e10e3bac13\launcher.exe | 
"{8AA34407-AAED-4282-81CC-8512F1848D49}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{8B9DDDAB-18B2-4B02-939A-F7D34B76245D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8CACFB0F-2AE4-4DBB-AB35-820AE917356B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{8D3EA04B-4E03-4F57-BD46-8346EF66399A}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe | 
"{8D5D27F1-CE5E-4736-ABF6-AE38DD4F4582}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\sacred2.exe | 
"{8E7E9C63-CF9E-4738-A78C-F814502BAB78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{8EEACD3D-CF08-4677-8C6B-EF70DA327FEC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8EFA4722-2BE3-4E8D-95AC-0367D2D7F514}" = protocol=6 | dir=out | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{8F424F81-9A28-4216-A52C-1DDA3F54096C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9077A667-7F6D-4CF5-A9CF-B224DF8862AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gunz 2 the second duel\gunz2_steam.exe | 
"{925FE76B-86E0-4149-8BD6-8D3A8C15FB23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{92DB4D9F-B1B3-4609-9F9E-54BA6C1A35C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{93093F32-9CBC-4A32-8C67-2BD4F05F9CFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{9544601B-4657-4AC9-9DE0-AD59BB4B77A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{95EF474E-704A-4407-B83B-A5113EA91BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{95FD9D8B-3137-4204-949C-0060CE27B373}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sacred_citadel\sacredcitadel.exe | 
"{9622CF62-776A-477E-802A-7FFA7FC5A2C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mabinogi\nxsteam.exe | 
"{98F7A368-58B3-4E1C-B6AF-26D5B01A26D4}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe | 
"{99193146-A310-4AE9-8889-24E9F6E54804}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{9BA3701E-EA38-4D39-B8D9-9107343F734D}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\apps\2.0\9qolvwh9.1dc\3wyd8vdg.qnn\laun...app_59711684aa47878d_0001.0022_51cb52e10e3bac13\launcher.exe | 
"{9CAC600F-C854-4356-8383-DBFD9D7915F3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9D9FE19C-D303-419E-8E98-809BE5FDC76B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E438287-FEEA-48AF-BDB6-5AF8845C0E18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{9F4845DF-FCBC-4A7C-8B33-B72EF136B9C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{9F60450D-DDB0-4926-B9D4-A2B1B6029C92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{9FCEB06B-0392-4FCE-96BE-27A6F6D31DE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1EEB5B8-74B2-41F3-A6AC-0D2763AB430F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{A4CE6CC8-9729-4027-BF12-0B12BE465DB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\only if\only if.exe | 
"{A4D7ED25-A576-4487-912E-3DD61FE58463}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{A5CC334C-CA42-44D8-B26B-2B48E0B35353}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{A7E6F75B-3F96-43FC-ADBE-B2E683715F4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{A8FBC4BA-9C9F-4445-A507-10D3F679B478}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{A8FC76CA-287F-4FFC-98E6-79E88B0F3DA1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2680\agent.exe | 
"{A95A2729-F6C8-4FEB-82D8-FE6E0A514DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{A99AE191-6280-4B0A-A1ED-496A09F95BAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{ABD8BE61-1A38-43FD-9421-36EF53123396}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{AC640FBC-2614-45CA-87A7-33DF475ACFBE}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{AD4E0E12-F97C-4F87-ABB1-8DB67AEA4CBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{AFFBA524-4E17-47D8-84B8-7A437E832DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B04FAC98-CE92-4310-8B2B-AC4E20701D25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{B0DD84E4-0C9B-4AD7-B3E9-EF6E2DCFE09B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{B33C65D5-A394-4FFE-8F8B-61C545C8C0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cubic castles\cubic.exe | 
"{B3892B93-A5F7-41A1-9A6B-65CE4FF0C1BE}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe | 
"{B3AADEA8-3A43-4A8E-A366-A5C1197766C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{B42BAE45-833D-420F-847B-A31F5E52141D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{B455C367-AF84-4E22-97A8-2A583DCDCBCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B62FCC94-7FDF-4D35-A885-4BFB1F84DC63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{B7621029-343E-48EA-A22F-07E73282DB52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | 
"{B78040A2-DDE5-4C3C-AB46-B533AC30E24D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\elsword\essteam.exe | 
"{B85CE558-0F90-44C3-ADA2-E9373F359324}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{BB16ED30-DAA0-43F6-BC07-838EB53242E4}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{BBCDF00A-FB5F-4DBD-8D10-2BBF6313D38A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BBE5AB63-3763-41DB-BBD2-B05936A6FEAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BBF20EEE-CD69-4F31-96C6-39011070065F}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\utorrent\utorrent.exe | 
"{BC199344-6F62-43F8-A7BE-B82044404385}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{BEEB3327-BE8F-43B7-A123-16400633AA64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | 
"{BF0CCFC3-238B-4E6D-8206-8F079FF9129D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe | 
"{C00EB959-6F75-4DB9-BD35-352C5B17D869}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C0CDA0EB-C522-4313-A0B1-35919E9808D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{C17958A4-6AAA-4E15-B6F6-D3654D6AA8AD}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{C322041B-FFF9-4704-8C67-AE0856F4CCE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{C38C6778-7E51-4F18-889D-E35B0092B377}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{C3EA80D4-02D1-4835-8896-0A18549F864A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | 
"{C5654888-6877-4E52-A2A1-90D2640E07E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{C7DE60CE-6A60-4819-B975-CAAF76DED7F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C7F757C8-9174-4168-ABA8-B199F16E86E3}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe | 
"{C853543F-58A6-437A-832C-9A7E170E1182}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CBA5D453-8A79-46D0-A4AC-70D82AF9A919}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CC71FE05-F63F-43D2-A379-5A2DC217763A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{CD002F96-AF7F-4C28-884C-F6EFCE74DE1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | 
"{CD80B483-AA2F-42A2-BC67-6E3E60085F56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{CDD5AFAB-9DE3-499B-8808-D63D66FE50C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{CE5F01C3-A480-4271-9544-0513FED39A29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{CE998003-521A-4580-87B7-AB89A9D10930}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CF1F31C3-AC8C-4EFC-9D39-2B8ADC8F2331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{CF5E49A9-247E-4287-9CE4-AEFD698D1C96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{D0B49A6B-247E-4821-A63B-8AF48016B938}" = protocol=6 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{D1FB7E53-3A15-4E16-8BCA-D02B11CB1759}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{D490E9D7-F13A-4014-85BB-CB7E9E2DE873}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mabinogi\nxsteam.exe | 
"{D593652E-89C8-45AE-B696-C969EB8AFEC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{D6B9D314-EBA4-4A83-8EF1-3652238A593E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D6FE2585-A952-4A1D-BDE9-C97D68EC26CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D70BCF59-1F75-4FB3-97F1-7791774F2280}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D72FC67B-6EA1-45AC-8DAF-B6D301CFFABF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D82885E5-2EBC-412F-8B14-5E3CF765A83D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{D93B37D1-5A2F-4398-82C9-DB1F5467554E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{DB2A24C9-A215-495D-8BE4-27671405F2B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{DB5BCD18-3267-451B-B375-794476423A06}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{DC79548D-7796-4001-B7F9-2F3D67BB9DB3}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{DCB49EAA-5837-4E68-8518-ADA7737FEA19}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DCC90897-7E7E-4CB0-AD7F-217D4C41C0CA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe | 
"{DDDE22EC-7414-4265-928A-F99290EC9FCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{DEACAC18-AB34-4F33-870E-A8DB06693965}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{DEAF425F-EC12-44C1-8119-126C295F850F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DF7E0D1A-8BAB-44B7-AF3A-74635C0E8F00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E3EB0927-03D4-461E-B8B6-FA15E620F970}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E43F5398-5B60-4877-B7D9-F5631C14AF0A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E70D00FB-A18B-4055-B6F2-F72DABDC72AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E76B9611-2D97-422A-B223-23B682EAA532}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{EA0DC7EA-7C17-41D9-9CBD-E03E5167B945}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gunz 2 the second duel\gunz2_steam.exe | 
"{EAACDBEA-65FF-4E6A-BDB5-A90A44EA12C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{EB9D14F2-B1C7-4D4C-99A5-B8959E284A37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{EBE4DC7A-8A9C-4F87-932A-98CDADB26857}" = protocol=6 | dir=out | app=system | 
"{ECDEDAE9-2604-49CE-8693-2FAC858B98EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{ED5D6B09-D6D5-4164-A23B-12AE861F0025}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{EE050EF8-E0F0-4386-BC05-C9C843BED43B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orion dino beatdown\binaries\win32\dinohordegame.exe | 
"{EF9A3261-6C13-46F1-AC36-A620C2137585}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\only if\only if.exe | 
"{EFE7EF16-D7B5-46CC-AAFC-3E6330665C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{F0DCE5E5-A67F-4BD9-9647-1BBEDBB84045}" = protocol=17 | dir=in | app=c:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe | 
"{F1D61D11-ED79-4AD9-AA7D-0E935233ADA8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F26ABB8B-DF62-4EF4-BFB9-7176D2F2C699}" = protocol=1 | dir=in | [email protected],-28543 | 
"{F2ABA1B6-AB19-47EC-AFA0-BD0E3150A36E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{F2FAA580-B225-49EB-A011-8BC0BAB0BD31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{F412877F-7828-46F0-BA62-8184C837BB2B}" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"{F4D202D7-B371-4D3F-B3ED-44B79F6A7BFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\elsword\data\x2.exe | 
"{F636612F-56D8-495D-868E-A72A9D46E9D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{F693C7FC-EFF5-4985-8C1D-42ECD52D083E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{F6E58770-26CB-4872-A18A-1FF0C12C346B}" = protocol=58 | dir=out | [email protected],-28546 | 
"{F72CFA2C-5869-4763-8695-F528CB77F4FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{F744598C-493D-4289-A3C8-8F0BAA9B92C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{F7DA05D8-5BC5-4D32-A42D-5B62E4C4E4A4}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{F86ED32C-354F-4722-93B0-5BB948E947DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{F8EFC0B9-C817-432F-BE28-67B6365F6857}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orion dino beatdown\binaries\win32\dinohordegame.exe | 
"{F92F695F-ECEB-4103-BEEA-BF1815D351C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F9C51FC2-5385-4442-BF09-72A7D53081F0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FB1267D6-5E7F-42E8-BECD-04F338506A92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{FBE96A03-7414-4555-8B85-C0E00DDE358D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{FC6C43DE-16F8-410A-B6AE-7E6BD8055780}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\peggle deluxe\peggle.exe | 
"{FD7A0925-63DB-42D4-9968-E306D8882C42}" = protocol=6 | dir=in | app=c:\program files (x86)\infinitecrisis\infinitecrisis.exe | 
"{FDF11AD0-8604-4C8D-B755-C15390BB5865}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sacred_citadel\sacredcitadel.exe | 
"{FE8465B3-CBA8-4DCE-BDE5-9D25CAB150FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{FEFF91A3-E5D5-4F58-9194-D38E8F7F4C8D}" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{0170A005-2214-4FC6-A096-0B3199AEF03E}C:\program files (x86)\infinitecrisis\infinitecrisis.exe" = protocol=6 | dir=in | app=c:\program files (x86)\infinitecrisis\infinitecrisis.exe | 
"TCP Query User{02427560-9BE3-4D44-B09D-ADB2FA9C5ADC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{078133FF-3C48-4040-A227-12345643D6E3}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"TCP Query User{2F9C070D-3996-4935-B86D-39B50461B7A4}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{2FDB882E-71BA-4D1C-84FB-C453441A783E}C:\users\alex\appdata\local\apps\2.0\9qolvwh9.1dc\3wyd8vdg.qnn\laun...app_59711684aa47878d_0001.0022_51cb52e10e3bac13\launcher.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\apps\2.0\9qolvwh9.1dc\3wyd8vdg.qnn\laun...app_59711684aa47878d_0001.0022_51cb52e10e3bac13\launcher.exe | 
"TCP Query User{A446581A-BF11-4B17-9EE5-EF9A9E02CC19}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe | 
"TCP Query User{AC6D57D1-1832-43FD-85DC-0F785877DEC4}C:\program files\java\jre8\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe | 
"TCP Query User{B1E8F759-1DBA-4C10-9A15-7F71AB13508E}C:\users\alex\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{B5D5A36C-7BAC-424E-911A-91491B7798E6}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\happywars\happywars.exe | 
"TCP Query User{B8A700F2-3D9E-476F-A366-9E81302B4C1C}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe" = protocol=6 | dir=in | app=c:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe | 
"TCP Query User{C29E49EE-F470-4CAE-B700-F00AA1EB6B12}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{C82D06FD-88C2-4C09-BE3F-3BCF9C6BE926}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{D97D8283-0CA5-4C2A-8659-93ECC12B11A1}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E51DE631-B82B-41EA-A13E-2B80E05B2E55}C:\users\alex\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{EED3AEA0-6B22-4454-9A43-5C2613269CDF}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe | 
"TCP Query User{F9D58D44-9E14-4A7D-A177-EF2B8B697DBC}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{FDB20ED0-CABA-4594-BA72-8A0E7427C0E6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{1BA9C73F-125E-43F2-A200-C71C67DE86AA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{243B43CE-B3BD-457A-A2E6-902F91F07ECC}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{2E90899D-D0BF-4CD8-B0F8-5999DBA86F72}C:\program files\java\jre8\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe | 
"UDP Query User{76577911-FB70-4B73-8F4E-B580AB0D4B46}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{81AB92FF-8B4D-4A63-9973-D04C52372B6E}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\happywars\happywars.exe | 
"UDP Query User{90B7E8E9-0C71-47EA-9264-09555292BA89}C:\users\alex\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{94D2ED3D-7C90-4C46-A2B0-79C03FC4B105}C:\users\alex\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{9B4D4BA4-B096-45F0-9AEF-8F43A0E3D5F6}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe" = protocol=17 | dir=in | app=c:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe | 
"UDP Query User{A58C3E7B-939E-4983-AF46-9D475E27F3D9}C:\users\alex\appdata\local\apps\2.0\9qolvwh9.1dc\3wyd8vdg.qnn\laun...app_59711684aa47878d_0001.0022_51cb52e10e3bac13\launcher.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\apps\2.0\9qolvwh9.1dc\3wyd8vdg.qnn\laun...app_59711684aa47878d_0001.0022_51cb52e10e3bac13\launcher.exe | 
"UDP Query User{BBA5422A-41B7-4538-95E4-D06B3EB1A68C}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe | 
"UDP Query User{BEFEB917-49C9-456D-B85A-163834DEC8AC}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{C76E641E-C209-475F-96E6-F8726ECA4456}C:\program files (x86)\infinitecrisis\infinitecrisis.exe" = protocol=17 | dir=in | app=c:\program files (x86)\infinitecrisis\infinitecrisis.exe | 
"UDP Query User{CB6F2EB5-7373-4FBC-99C9-CC6E01B4801F}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{CC10F6C1-0637-4C59-97B9-6EDD21AAAA1A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{DFAB96CF-815C-4A2A-AC7F-C0194AB01991}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe | 
"UDP Query User{E209DB4A-AF18-42F8-BD29-EEFF17DA682A}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"UDP Query User{E64B90DF-BECB-43A6-8A8D-92E066444CF1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F06417060FF}" = Java 7 Update 60 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86418005FF}" = Java 8 Update 5 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{975290F7-01EE-6256-484A-EDD705037432}" = ccc-utility64
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{DD562794-C098-A1E5-66ED-10E8BD1C84C5}" = AMD Catalyst Install Manager
"{E94CF53A-B97F-DBCF-17F4-60AEECFC1A62}" = AMD Fuel
"{F15287C6-10E3-1676-AF50-CB0355A302F1}" = AMD Accelerated Video Transcoding
"CCleaner" = CCleaner
"DiskAid_is1" = DiskAid 6.4.9.0
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C7B34CC-3C7F-97F6-B989-1259B93E304F}" = CCC Help Turkish
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D437FD2-BEBA-294A-14B0-73DF88537625}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225E3607-953C-EFCF-84C5-727EBE431CAB}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3567AA55-A730-4EFB-D419-C198EF9C3B51}" = CCC Help English
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3EA29604-AB1F-00F7-AD0C-11FC133CE7C0}" = CCC Help Thai
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{443F2BDB-67B3-E0BF-0A8D-D1FC7A83FB1C}" = CCC Help Japanese
"{449DC4DE-157B-4CE5-685D-8A0ACCDAEE9F}" = CCC Help Chinese Standard
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85401C-71E6-5487-F1C0-598C10E22D3B}" = CCC Help Spanish
"{501E43C9-C95D-8E8D-8D12-AA5FEFBA09EC}" = CCC Help Swedish
"{6395030F-815F-0948-F166-73ECC57097E3}" = CCC Help Norwegian
"{69C610F3-4DEC-44C5-D142-E69217E88448}" = CCC Help Russian
"{6A4945F7-5B9C-6DDA-A08A-048816260309}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715AD72D-887A-459E-988B-D4F3E87FA24B}" = Peggle
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{777D5DD4-8BBC-EADA-B300-815B68F33D5F}" = CCC Help Finnish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9243354A-3075-C91E-6E12-403D932B38E5}" = Catalyst Control Center InstallProxy
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D2DD563-E1DD-920B-6E64-C057D4F080EB}" = CCC Help Hungarian
"{9D6D7292-8EA9-B5DD-9C10-D5B2937CFD84}" = CCC Help Italian
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A5B4707E-CFD3-A08F-ED69-C500D541EAEF}" = CCC Help Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B6700BBF-1153-FA04-FD0A-ADEF36C564E3}" = CCC Help Dutch
"{B8E7A402-AB25-F1EC-C21A-7E95F2BBDDB0}" = CCC Help Czech
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}" = Firefall
"{D6116D91-A114-671F-D075-73B4154F7390}" = AMD VISION Engine Control Center
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D87A50FE-11B3-3B70-77EB-E64570E82F9E}" = CCC Help French
"{DF549E6D-193A-0EA3-7C90-F24B631CC2EB}" = CCC Help Portuguese
"{DF7ADC65-EBCE-97DA-4C8A-4F0BCF7C0E73}" = CCC Help Polish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F08B3E29-706C-468E-B74B-74844E3FA1F1}_is1" = Dream Framework version 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F34B75-C634-8714-D226-9259FC1A7E92}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC53A2BD-6B34-C6FB-C3F4-9D8DC7ED5C92}" = CCC Help Chinese Traditional
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Air Video Server" = Air Video Server 2.4.6-beta3
"Battle.net" = Battle.net
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"Foxit Reader_is1" = Foxit Reader
"GOGPACKROGUELEGACY_is1" = Rogue Legacy
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"hon" = Heroes of Newerth
"iFunbox_is1" = iFunbox (v2.7.2386.747), iFunbox DevTeam
"InfiniteCrisis" = InfiniteCrisis
"League of Legends 3.0.0" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MapleStory" = MapleStory
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Origin" = Origin
"pepakura_viewer3en" = Pepakura Viewer 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"SP_4e24eecb" = Search Assistant WebSearch 1.74
"SpeedFan" = SpeedFan (remove only)
"Steam App 104900" = ORION: Prelude
"Steam App 113400" = APB Reloaded
"Steam App 17080" = Tribes: Ascend
"Steam App 207230" = Archeblade
"Steam App 207930" = Sacred Citadel
"Steam App 209870" = Blacklight: Retribution
"Steam App 212200" = Mabinogi
"Steam App 215080" = Wakfu
"Steam App 218230" = PlanetSide 2
"Steam App 225640" = Sacred 2 Gold
"Steam App 230410" = Warframe
"Steam App 237310" = Elsword
"Steam App 238960" = Path of Exile
"Steam App 242720" = GunZ 2: The Second Duel
"Steam App 246280" = Happy Wars
"Steam App 265650" = Age of Wushu
"Steam App 270170" = Depression Quest
"Steam App 298260" = Only If
"Steam App 304930" = Unturned
"Steam App 317470" = Cubic Castles
"Steam App 40300" = Risen
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 42910" = Magicka
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 91310" = Dead Island
"Steam App 9480" = Saints Row 2
"TeamViewer 9" = TeamViewer 9
"The Game of Life" = The Game of Life
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2766163382-2509794277-3812320332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"fc418bf9b18f76aa" = Ghost Recon Online (NCSA-Live)
"SOE-PlanetSide 2" = PlanetSide 2
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/16/2014 5:20:08 AM | Computer Name = Alex-PC | Source = Application Hang | ID = 1002
Description = The program Warframe.x64.exe version 2014.8.15.15 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1668    Start
 Time: 01cfb930296d7bd5    Termination Time: 308    Application Path: C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
 
Report
 Id: 80b4f3e8-2526-11e4-a017-d43d7e974f9d  
 
Error - 8/17/2014 11:31:07 PM | Computer Name = Alex-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Alex\Downloads\SoftonicDownloader_for_camtasia-studio.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 8/17/2014 11:31:11 PM | Computer Name = Alex-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Alex\Downloads\SoftonicDownloader_for_camtasia-studio.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 8/17/2014 11:31:15 PM | Computer Name = Alex-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Alex\Downloads\SoftonicDownloader_for_camtasia-studio.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 8/19/2014 2:23:00 AM | Computer Name = Alex-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Alex\Downloads\SoftonicDownloader_for_camtasia-studio.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 8/20/2014 3:41:42 AM | Computer Name = Alex-PC | Source = Application Hang | ID = 1002
Description = The program KrabyMod.exe version 4.3.3.30826 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1810    Start
 Time: 01cfbc487b942e5a    Termination Time: 43    Application Path: C:\Users\Alex\Desktop\KrabyMod.exe
 
Report
 Id:   
 
Error - 8/25/2014 6:44:20 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application name: raidcall.exe, version: 1.0.12943.90, time
 stamp: 0x539843d9  Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
 stamp: 0x4ba9b29c  Exception code: 0xc0000005  Fault offset: 0x00033072  Faulting process
 id: 0x9c8  Faulting application start time: 0x01cfc0b5f81735ae  Faulting application
 path: C:\Program Files (x86)\RaidCall\raidcall.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
 Id: 59c28d91-2ca9-11e4-8b25-d43d7e974f9d
 
Error - 8/25/2014 6:44:24 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application name: raidcall.exe, version: 1.0.12943.90, time
 stamp: 0x539843d9  Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
 stamp: 0x4ba9b29c  Exception code: 0xc0000005  Fault offset: 0x00037045  Faulting process
 id: 0x9c8  Faulting application start time: 0x01cfc0b5f81735ae  Faulting application
 path: C:\Program Files (x86)\RaidCall\raidcall.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
 Id: 5be0f91c-2ca9-11e4-8b25-d43d7e974f9d
 
Error - 8/26/2014 2:53:19 PM | Computer Name = Alex-PC | Source = Application Hang | ID = 1002
Description = The program Warframe.x64.exe version 2014.8.22.16 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: c98    Start
 Time: 01cfc1527c9fff06    Termination Time: 430    Application Path: C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
 
Report
 Id: 3ca25047-2d52-11e4-b541-d43d7e974f9d  
 
Error - 8/30/2014 1:59:22 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 6.18.0.106, time stamp:
 0x53d13f6d  Faulting module name: Skype.exe, version: 6.18.0.106, time stamp: 0x53d13f6d
Exception
 code: 0xc0000005  Fault offset: 0x00928856  Faulting process id: 0xf14  Faulting application
 start time: 0x01cfc3ba79a345e4  Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
 module path: C:\Program Files (x86)\Skype\Phone\Skype.exe  Report Id: c917f54a-300a-11e4-8d39-d43d7e974f9d
 
[ System Events ]
Error - 5/22/2014 6:16:19 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService
 service to connect.
 
Error - 5/22/2014 6:16:19 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the 
following error:   %%1053
 
Error - 5/23/2014 9:22:24 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 5/23/2014 9:22:24 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
Error - 5/26/2014 10:28:57 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService
 service to connect.
 
Error - 5/26/2014 10:28:57 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the 
following error:   %%1053
 
Error - 5/27/2014 5:19:42 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService
 service to connect.
 
Error - 5/27/2014 5:19:42 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the 
following error:   %%1053
 
Error - 5/27/2014 5:22:40 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 5/27/2014 5:22:40 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
 
< End of report >
 

 


  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts

Hello SupremePoser

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts


Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP