OTL Extras logfile created on: 1/26/2015 10:02:56 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clockwork\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 7.07 Gb Available Physical Memory | 88.37% Memory free 16.00 Gb Paging File | 14.77 Gb Available in Paging File | 92.37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 500.00 Gb Total Space | 328.77 Gb Free Space | 65.75% Space Free | Partition Type: NTFS Drive G: | 431.41 Gb Total Space | 431.30 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: CLOCKWORK-PC | User Name: Clockwork | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = ComFile] -- "%1" %* .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0136A680-4ADD-4800-A51F-4B1DEEDA79C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0356E175-ADBB-448E-B878-8B8E57FBC494}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{081547A8-448B-4427-942C-5EF6FACDDDBC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{095E783E-A9AA-494C-8469-5B6365F9BD2C}" = lport=137 | protocol=17 | dir=in | app=system | "{0FA2EC44-EB6F-47D2-880D-0D0FD5E850E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{22DC784A-3B9B-48B9-8B55-E386F8756559}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{29F10764-A904-4CAC-9EE0-32B2B69BA2C2}" = rport=139 | protocol=6 | dir=out | app=system | "{53AD596C-4065-4190-A361-A7B554A3FEE0}" = lport=445 | protocol=6 | dir=in | app=system | "{57A9FFE8-CE28-40E8-95A5-F8D56A15BF10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5E710AFD-7185-4C21-A91B-C8C09769C2AD}" = lport=138 | protocol=17 | dir=in | app=system | "{767B5FE0-578D-47EF-A8DF-4FB1D09882FD}" = rport=10243 | protocol=6 | dir=out | app=system | "{7B2327F5-78CB-4EBB-8DBC-89F4E3D81EE2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9AE9BC36-39C1-491A-9E9A-47F63713838C}" = lport=10243 | protocol=6 | dir=in | app=system | "{A2C8C8E0-42B6-43BC-A12E-530E6F86F962}" = rport=138 | protocol=17 | dir=out | app=system | "{ABF8C614-6458-4AA9-93B0-1E64FB6AF18D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B728DA59-9E4B-4CD4-B020-3172EF828E4B}" = lport=2869 | protocol=6 | dir=in | app=system | "{B9F6CA70-0379-4105-B2DA-78E22C9E92F5}" = lport=54045 | protocol=17 | dir=in | app=c:\program files\logitech gaming software\lcore.exe | "{C6071D34-7085-4504-AF91-18CE1A8B4ADA}" = rport=445 | protocol=6 | dir=out | app=system | "{D2534D3A-E915-4F78-87E5-F8437BCD79C6}" = rport=137 | protocol=17 | dir=out | app=system | "{D4B04ADB-0609-4D8C-B688-F8EEEC2EE920}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{ED91B028-AE1C-41DE-B996-3520B22F1E2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FE5AF1DD-B7BB-41EF-95B8-5483EBD5F3D9}" = lport=139 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{050B7076-4FA8-4048-86C4-602BDEC065E3}" = dir=in | app=c:\a\winonit.exe | "{0633C1F0-AAC5-413A-95AA-9E501BCA1E2A}" = dir=out | app=c:\a\getcap.exe | "{083A9378-C9AB-4A8B-829A-F3A5DFEA58C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0B17ED34-8D98-47CE-AD70-631372515631}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{11F11995-D294-414C-B1F3-B56D54BE9575}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | "{12E8C027-D00E-4C0F-8E4C-AF43A3728BAC}" = dir=in | app=c:\a\internetport3.exe | "{14BE0496-C127-46AC-9935-22F649DFB503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{154D8D88-F58A-4008-843B-1A3D79C124C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sunrider\sunridermaskofarcadius-steam.exe | "{1B2CC766-C8E0-499E-A5C6-AEA6E32B79E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2422EBB5-B08B-4A0C-A2FE-4C7BF8D7761A}" = dir=in | app=c:\a\wincheckfe.exe | "{25EACD4B-13B6-4344-AC86-9D969D8D413D}" = protocol=6 | dir=out | app=system | "{2836D890-FD9F-4386-AA28-50A5CB30554F}" = protocol=6 | dir=in | app=c:\users\clockwork\appdata\local\temp\wzse0.tmp\common\epsonnet setup\eneasyapp.exe | "{2BAF4D70-7219-4D29-88AD-7D2B4CB58FB2}" = dir=out | app=c:\a\wcheckf.exe | "{2EF44E22-524E-4AB4-A7F9-4EB61C2DE660}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{36B3F6D7-A7D1-4B9A-8EF4-4AE542B1B99C}" = protocol=6 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe | "{3E30E17F-3946-4125-BB86-D68FF37BB8FB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{46DCF8A8-D207-4CAE-8BC5-B675121C4C15}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{47159CD5-FAA6-4B74-8B3C-840C0709E916}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sunrider\sunridermaskofarcadius-steam.exe | "{481F7666-0B54-449F-8825-CAEB2BFD234F}" = protocol=17 | dir=in | app=c:\users\clockwork\downloads\utorrent_1.7.1.exe | "{4B8C8638-1325-4A53-A159-B5C8BB731606}" = dir=out | app=c:\a\kcik4zs0priyuprf52jg.exe | "{4C9CC927-2F25-482B-90D0-215CBDFBB65A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{55E36625-8BBE-4055-BC9B-10226A39BEF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{567201E8-5966-441F-A0C4-BC80BBB9741B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rust\rust.exe | "{56FDD773-888B-4EA6-B3C9-081EF4039D43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{58513D2A-E759-41F6-925D-DA1DA53F172A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divinity - original sin\shipping\eocapp.exe | "{5939242F-1CE1-4D57-B823-31EC8F3DAEC4}" = dir=in | app=c:\a\kcik4zs0priyuprf52jg.exe | "{6D3C2C17-92A3-4F66-94D8-C33B66799E76}" = protocol=6 | dir=in | app=c:\users\clockwork\downloads\utorrent_1.7.1.exe | "{6DD82040-C976-4C38-A34A-099B61E1E146}" = protocol=17 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe | "{71770999-9BDC-4422-9A9F-7B5DAFEA1E31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicite\magicite.exe | "{73DAECEE-2767-4AA1-A5A7-61C8BB176CCD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7B1CB94B-BBD5-4863-BCBA-17161EDFFA11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rust\legacy\rust.exe | "{7C29ADEE-F6AE-438C-AD6F-DA5FC2BC9C20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | "{7C953350-CD56-4849-B6DD-4097186D9116}" = dir=in | app=c:\a\vchk.exe | "{7DA8E34B-33A5-48A0-A7D6-9AF2D9A1CC27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{7F75225F-5AAD-4676-B2FB-1D91C0CC67CF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{80DBB924-D7BE-4ADD-982D-3852C149F6E3}" = dir=in | app=c:\a\getcap.exe | "{81E5C8EE-C89F-4609-B31E-FD85D00C2514}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{829593A7-8D4C-4278-804C-4ED2710AE5B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{84EB52C2-80A2-46E7-959F-A0FE77A2F368}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa_be.exe | "{8759E119-7CE3-476E-B5D9-87B25E43E03B}" = dir=in | app=c:\program files (x86)\youtube downloader services\p4\youtubeserv.exe | "{8D4421EA-44D2-4771-8AC2-D7E85A8A7843}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rust\legacy\rust.exe | "{8D88E694-D112-4A72-9B07-3D874F58E324}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rust\rust.exe | "{8F271D33-A7CF-4998-BE5F-65DACC554A00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicite\magicite.exe | "{9077ED2E-1EEB-4194-A472-9F4BED500B38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | "{92F8F3D0-DA67-4776-BF28-22A9F63D2FE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | "{98150D19-3EB3-4088-A07D-BA05C3D70E68}" = protocol=17 | dir=in | app=c:\users\clockwork\appdata\roaming\utorrent\utorrent.exe | "{9995470F-9690-40DC-BB5B-46FCAA43D18C}" = dir=in | app=c:\a\wcheckf.exe | "{9B4ADE7C-7876-4060-8AE0-F21696913FC8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9E73AA35-4CA6-4594-888F-7778F4CE294A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A2D0EB8F-5219-4558-BEFB-524346D540D3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A3F08B85-5A0E-42F7-BECC-097DDDAFB972}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{A9D7E61E-9F46-4C15-AC3C-13DBFE3C8E9E}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{ADCF38F0-EE00-4EC1-A7AB-AA26AA79A113}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | "{AE3837A2-8774-4156-A1A7-57723A95E86B}" = dir=out | app=c:\a\wincheckfe.exe | "{AFDC2908-A39E-41B8-8D88-05EE8FFAA902}" = dir=out | app=c:\a\winonit.exe | "{B680218A-5939-4EAD-8ED1-3D6AC790163B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{B7AD6E26-02D3-4351-8D74-F467EBA62F4F}" = dir=in | app=c:\program files (x86)\youtube downloader services\p4\powermgr.exe | "{BADC9165-465A-4ABE-B86A-C628AD05EA0C}" = protocol=6 | dir=in | app=c:\users\clockwork\appdata\roaming\utorrent\utorrent.exe | "{BB635EBC-0612-48A7-BA3D-55D296811571}" = protocol=17 | dir=in | app=c:\users\clockwork\appdata\local\temp\wzse0.tmp\common\epsonnet setup\eneasyapp.exe | "{CA677B50-3F7E-47F7-A668-DC394BA58A9E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CB6A0092-2D2B-4ABD-924E-A0A726A7FEF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D3817A57-8252-46A2-8014-CE4DB5E6F37A}" = protocol=6 | dir=in | app=c:\program files\logitech gaming software\lcore.exe | "{D5E15A0B-FFC7-4422-9B6E-A1720CF83F5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa_be.exe | "{DCC41809-9D65-4C40-A106-EA01833959B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E0BB5F33-C8CA-4264-8500-F91F2D48DA84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | "{E1A534A5-79CD-4089-AF61-1789ACBCDD29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E4BA6CD2-8E72-4E3C-B038-14378BA0B2C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | "{E6307FA6-EA11-4DFF-AE75-5787306E29CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{EBBB5719-E31F-4F78-A1FA-489BBE46AAE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | "{ED5ED7CC-17E0-4383-9B23-B67141F9FFC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F13F39A8-BF9B-4E5E-81C6-676ED3A951D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F3ABDD12-472D-47B8-A7C6-F43E676B9BE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F7E24EA1-9D76-46C2-B9D0-A9190A7A44E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{FB89EA43-1459-4EC0-BB8D-A23F8E3FAE66}" = dir=out | app=c:\a\internetport3.exe | "{FB8B2414-2AF7-437D-9BF7-5C09131238D7}" = dir=out | app=c:\a\vchk.exe | "{FECBD353-F2DC-4982-B454-C65C6D6E2BB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FFB1A327-6F48-499F-9B6A-AB618314AEA9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divinity - original sin\shipping\eocapp.exe | "TCP Query User{92671EFB-702D-4C47-98C7-33AA7A14F003}C:\users\clockwork\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\clockwork\appdata\local\akamai\netsession_win.exe | "TCP Query User{D7F9635C-3205-4E11-8901-C7918FEF3F3F}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe | "TCP Query User{E19291C8-03FA-4BFA-A84D-F0EAC381FBD8}C:\users\clockwork\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\clockwork\appdata\local\akamai\netsession_win.exe | "UDP Query User{C63F3A25-D07D-4246-8FA1-C7918C20D7FB}C:\users\clockwork\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\clockwork\appdata\local\akamai\netsession_win.exe | "UDP Query User{D250DB07-0F9B-4A5E-8A4B-B31718924F2E}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe | "UDP Query User{EF0205D2-ECF6-4AB6-9487-592B6DCFC94F}C:\users\clockwork\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\clockwork\appdata\local\akamai\netsession_win.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F86418031F0}" = Java 8 Update 31 (64-bit) "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.7 (64-bit) "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "EPSON NX230 Series" = EPSON NX230 Series Printer Uninstall "Logitech Gaming Software" = Logitech Gaming Software 8.57 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamTalk4_is1" = TeamTalk 4 "TeraCopy_is1" = TeraCopy 2.3 "WinRAR archiver" = WinRAR 5.11 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1A14AC87-9585-4AC5-BA5D-0A3A4C6AF7D4}" = MechWarrior Online "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.22 "{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31 "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6BC12A2C-6B3D-4158-ACCE-C3602F7C6CF3}" = XSplit Broadcaster "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager "{9395F41D-0F80-432E-9A59-B8E477E7E163}" = OpenOffice 4.1.1 "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}" = MechWarrior Online "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "DAEMON Tools Lite" = DAEMON Tools Lite "divxh264_is1" = DivX H.264 decoder 8.2.0.26 "EPSON Scanner" = EPSON Scan "Glyph" = Glyph "Glyph Archeage" = Archeage "Mozilla Firefox 35.0 (x86 en-US)" = Mozilla Firefox 35.0 (x86 en-US) "Mozilla Thunderbird 31.4.0 (x86 en-US)" = Mozilla Thunderbird 31.4.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Search Module Plus" = Search Module Plus "Steam" = Steam "Steam App 1250" = Killing Floor "Steam App 230230" = Divinity: Original Sin "Steam App 252490" = Rust "Steam App 268750" = Magicite "Steam App 313730" = Sunrider: Mask of Arcadius "Steam App 326960" = Killing Floor - Toy Master "Steam App 33900" = Arma 2 "Steam App 33930" = Arma 2: Operation Arrowhead "Steam App 440" = Team Fortress 2 "Steam App 6510" = Lost Planet: Extreme Condition "VLC media player" = VLC media player 2.1.3 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent < End of report >