Task manager showing double CSRSS.exe


  • This topic is locked
13 replies to this topic

#1 MK9000

  • Members
  • 12 posts

Posted 30 January 2011 - 11:53 AM

I also want to have any other problems fixed as well.



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Robert at 11:48:20.99 on 30/01/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8190.5765 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG10\avgui.exe
C:\Windows\SysWOW64\conime.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\boostspeed.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Robert\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [NuonSoft Wallpaper Cycler] "C:\Program Files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe"
uRun: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBP4FUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Battlefield Play4Free: [email protected] - %profile%\extensions\[email protected]

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-10-10 69152]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203264]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-5-27 6856192]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-27 264192]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2009-8-7 39424]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 133712]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-18 129440]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17440]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 1375992]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2011-01-30 16:08:42 -------- d-----w- C:\Users\Robert\AppData\Roaming\AVG
2011-01-30 00:16:47 -------- d-----w- C:\Users\Robert\AppData\Roaming\f-secure
2011-01-25 09:27:37 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2011-01-22 06:33:29 -------- d-----w- C:\Users\Robert\AppData\Roaming\RIFT
2011-01-22 06:33:22 -------- d-----w- C:\Users\Robert\AppData\Local\RIFT
2011-01-22 05:02:02 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc8130.tmp
2011-01-15 05:49:31 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-01-15 05:49:31 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-01-15 05:49:31 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-01-15 05:49:05 -------- d-----w- C:\Program Files\iPod
2011-01-15 05:49:04 -------- d-----w- C:\Program Files\iTunes
2011-01-15 05:49:04 -------- d-----w- C:\Program Files (x86)\iTunes
2011-01-15 05:47:05 -------- d-----w- C:\Program Files\Bonjour
2011-01-15 05:47:05 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-01-10 00:55:32 -------- d-----w- C:\Users\Robert\AppData\Roaming\Hi-Rez Studios
2011-01-10 00:55:18 -------- d--h--w- C:\Windows\msdownld.tmp
2011-01-10 00:53:28 -------- d-----w- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2011-01-06 05:46:24 -------- d-----w- C:\Users\Robert\Guides
2011-01-05 01:48:57 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2011-01-05 00:04:23 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-01-04 00:18:53 -------- d-----w- C:\Users\Robert\AppData\Roaming\IrfanView
2011-01-03 21:02:35 -------- d-----w- C:\Users\Robert\AppData\Roaming\Mount&Blade Warband
2011-01-01 06:25:26 -------- d-----w- C:\Users\Robert\AppData\Local\Warhammer Mark of Chaos

==================== Find3M ====================

2011-01-28 12:22:19 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-01-28 12:22:19 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-01-28 12:19:51 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-01-28 12:09:15 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-01-16 17:38:11 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-18 15:11:39 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-14 16:15:49 1251840 ----a-w- C:\Windows\System32\sdclt.exe
2010-12-08 09:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-12 18:19:38 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-11-07 15:30:27 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 11:49:03.50 ===============



#2 oneof4

  • Malware Response Team
  • 3,581 posts

Posted 04 February 2011 - 01:19 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Best Regards,
oneof4.



#3 MK9000

  • Topic Starter
  • Members
  • 12 posts

Posted 04 February 2011 - 11:03 PM

OTL logfile created on: 04/02/2011 10:58:22 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Robert\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 73.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.56 Gb Total Space | 108.44 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
Drive D: | 14.08 Gb Total Space | 1.98 Gb Free Space | 14.09% Space Free | Partition Type: NTFS
Drive E: | 6.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/04 22:57:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL.exe
PRC - [2011/01/28 07:19:51 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/01/07 22:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2009/06/30 15:33:28 | 003,708,472 | ---- | M] (NuonSoft) -- C:\Program Files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe
PRC - [2009/03/19 12:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/04 22:57:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/27 11:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/01/28 07:19:51 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/13 18:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/01/12 17:53:15 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/28 19:11:20 | 001,375,992 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/13 15:27:46 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 02:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 02:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2010/08/19 20:42:36 | 000,133,712 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/12 07:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/07/12 03:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/27 11:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/02 13:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/01/20 11:49:30 | 001,254,400 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2007/06/29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/11/07 10:30:26 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3153312104-1599786319-2169677723-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3153312104-1599786319-2169677723-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3153312104-1599786319-2169677723-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.27.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/12/17 12:24:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/15 17:08:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/15 17:08:26 | 000,000,000 | ---D | M]

[2010/09/10 18:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2010/08/10 14:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/04 21:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\extensions
[2010/09/15 22:31:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/23 18:42:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/01/03 00:06:34 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/01/12 15:34:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/01/28 06:26:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\extensions\[email protected]
[2010/12/15 17:09:13 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\extensions\[email protected]
[2010/09/09 12:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Profiles\xi4dvb1g.Rob\extensions
[2010/08/28 08:32:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robert\AppData\Roaming\Mozilla\Profiles\xi4dvb1g.Rob\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/05 21:28:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Robert\AppData\Roaming\Mozilla\Profiles\xi4dvb1g.Rob\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/12/18 10:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/18 10:11:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/17 12:24:34 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX
[2010/12/18 10:11:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/07 17:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/12/12 17:41:11 | 000,426,930 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14705 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3153312104-1599786319-2169677723-1000..\Run: [NuonSoft Wallpaper Cycler] C:\Program Files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe (NuonSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-3153312104-1599786319-2169677723-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3153312104-1599786319-2169677723-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3153312104-1599786319-2169677723-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3153312104-1599786319-2169677723-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.226.1.93 24.226.10.193
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Robert\AppData\Roaming\NuonSoft\WallpaperCycler\NuonSoft WPC Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Robert\AppData\Roaming\NuonSoft\WallpaperCycler\NuonSoft WPC Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/15 01:52:49 | 000,000,050 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{731a21c5-8805-11de-b323-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{731a21c5-8805-11de-b323-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2009/09/22 17:02:07 | 001,668,472 | R--- | M] (Gearbox Software)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 21:45:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\Backup
[2011/02/04 16:30:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011/02/04 16:03:15 | 000,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2011/01/30 11:08:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\AVG
[2011/01/30 11:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/01/30 00:42:23 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/30 00:42:23 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/30 00:42:20 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe
[2011/01/29 19:16:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\f-secure
[2011/01/28 16:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/01/28 06:36:55 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Battlefield Play4Free
[2011/01/27 22:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/01/27 21:58:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\League Of Legends
[2011/01/25 04:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2011/01/22 01:33:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\RIFT
[2011/01/22 01:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011/01/22 01:33:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\RIFT
[2011/01/15 00:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/15 00:49:31 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/01/15 00:49:31 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/01/15 00:49:31 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/01/15 00:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/15 00:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/15 00:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/01/15 00:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/15 00:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/15 00:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/01/09 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Hi-Rez Studios
[2011/01/09 19:55:18 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2011/01/09 19:53:28 | 000,000,000 | ---D | C] -- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
[2011/01/06 00:46:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\Guides
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/04 22:44:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3153312104-1599786319-2169677723-1000UA.job
[2011/02/04 21:44:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3153312104-1599786319-2169677723-1000Core.job
[2011/02/04 21:43:58 | 000,002,551 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2011/02/04 21:26:23 | 000,807,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/04 21:26:23 | 000,679,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/04 21:26:23 | 000,138,094 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/04 21:25:53 | 105,370,253 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/02/04 21:20:31 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 21:20:31 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 21:20:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/04 17:49:29 | 000,877,826 | ---- | M] () -- C:\Users\Robert\Documents\wallpaper list.wcl
[2011/02/04 16:31:31 | 000,644,929 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/02/03 21:37:45 | 000,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/02/03 21:37:45 | 000,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/02/03 19:54:20 | 000,055,296 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/02 10:30:52 | 000,153,558 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/01/30 11:06:41 | 000,000,998 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/01/30 11:06:41 | 000,000,974 | ---- | M] () -- C:\Users\Robert\Desktop\AVG PC Tuneup 2011.lnk
[2011/01/30 01:05:04 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/01/30 01:04:11 | 000,000,980 | ---- | M] () -- C:\Users\Robert\Documents\cc_20110130_010408.reg
[2011/01/30 01:03:57 | 000,000,472 | ---- | M] () -- C:\Users\Robert\Documents\cc_20110130_010353.reg
[2011/01/30 01:03:42 | 000,024,382 | ---- | M] () -- C:\Users\Robert\Documents\cc_20110130_010338.reg
[2011/01/30 01:03:17 | 000,117,606 | ---- | M] () -- C:\Users\Robert\Documents\cc_20110130_010249.reg
[2011/01/28 16:24:13 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/01/28 16:22:49 | 020,268,251 | ---- | M] () -- C:\Users\Robert\Documents\vlc-1.1.6-win32.exe
[2011/01/28 07:19:51 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/01/28 07:09:15 | 003,360,624 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/01/27 22:14:30 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/01/26 14:12:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/01/24 06:27:48 | 000,007,055 | ---- | M] () -- C:\Users\Robert\.recently-used.xbel
[2011/01/22 01:40:14 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\Play RIFT Beta.lnk
[2011/01/20 13:16:29 | 000,002,821 | ---- | M] () -- C:\Users\Robert\Documents\Rift.rtf
[2011/01/19 15:41:07 | 000,226,273 | ---- | M] () -- C:\Users\Robert\Documents\Gaming.wcl
[2011/01/19 15:40:26 | 000,791,677 | ---- | M] () -- C:\Users\Robert\Documents\Anime.wcl
[2011/01/17 05:15:31 | 000,007,052 | ---- | M] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2011/01/16 12:38:11 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/01/15 00:50:27 | 000,001,656 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/14 23:44:59 | 000,002,049 | ---- | M] () -- C:\Users\Robert\Desktop\Google Chrome.lnk
[2011/01/14 23:44:59 | 000,002,011 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/10 10:41:18 | 000,000,107 | ---- | M] () -- C:\Users\Public\Desktop\Activate Northern Strike.url
[2011/01/10 10:41:17 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2142 Deluxe Edition.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/04 16:17:45 | 000,369,348 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI2C1B.txt
[2011/02/04 16:17:44 | 000,014,018 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI2C1B.txt
[2011/02/04 16:03:00 | 000,368,792 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI20D4.txt
[2011/02/04 16:03:00 | 000,011,226 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI20D4.txt
[2011/01/30 11:06:41 | 000,000,998 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/01/30 11:06:41 | 000,000,974 | ---- | C] () -- C:\Users\Robert\Desktop\AVG PC Tuneup 2011.lnk
[2011/01/30 01:05:04 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/01/30 01:04:10 | 000,000,980 | ---- | C] () -- C:\Users\Robert\Documents\cc_20110130_010408.reg
[2011/01/30 01:03:55 | 000,000,472 | ---- | C] () -- C:\Users\Robert\Documents\cc_20110130_010353.reg
[2011/01/30 01:03:40 | 000,024,382 | ---- | C] () -- C:\Users\Robert\Documents\cc_20110130_010338.reg
[2011/01/30 01:02:53 | 000,117,606 | ---- | C] () -- C:\Users\Robert\Documents\cc_20110130_010249.reg
[2011/01/28 16:24:13 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/01/28 16:22:03 | 020,268,251 | ---- | C] () -- C:\Users\Robert\Documents\vlc-1.1.6-win32.exe
[2011/01/27 22:14:30 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/01/24 10:58:55 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/01/24 06:27:48 | 000,007,055 | ---- | C] () -- C:\Users\Robert\.recently-used.xbel
[2011/01/22 01:40:14 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT Beta.lnk
[2011/01/18 21:11:06 | 000,002,821 | ---- | C] () -- C:\Users\Robert\Documents\Rift.rtf
[2011/01/15 00:50:27 | 000,001,656 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/10 10:41:18 | 000,000,107 | ---- | C] () -- C:\Users\Public\Desktop\Activate Northern Strike.url
[2011/01/10 10:41:17 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2142 Deluxe Edition.lnk
[2011/01/09 19:54:44 | 002,325,684 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_NET_Framework35_x64_MSI62BB.txt
[2011/01/09 19:54:27 | 000,398,678 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2011/01/09 19:54:09 | 000,003,734 | ---- | C] () -- C:\Users\Robert\AppData\Local\uxeventlog.txt
[2011/01/09 19:54:09 | 000,000,002 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_dotnetfx35error.txt
[2011/01/09 19:54:08 | 000,539,100 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_dotnetfx35install.txt
[2010/11/23 13:14:10 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/27 12:54:07 | 000,389,448 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI62F9.txt
[2010/09/27 12:54:07 | 000,012,078 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI62F9.txt
[2010/09/27 12:54:05 | 000,354,832 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI62F3.txt
[2010/09/27 12:54:05 | 000,012,358 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI62F3.txt
[2010/09/21 16:21:22 | 000,366,534 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI2CCD.txt
[2010/09/21 16:21:22 | 000,011,178 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI2CCD.txt
[2010/09/21 10:21:08 | 000,367,688 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI1916.txt
[2010/09/21 10:21:08 | 000,011,226 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI1916.txt
[2010/08/31 21:48:24 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/08/27 16:44:15 | 000,372,928 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI1CFD.txt
[2010/08/27 16:44:15 | 000,011,146 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI1CFD.txt
[2010/08/27 12:03:14 | 000,000,094 | ---- | C] () -- C:\Users\Robert\AppData\Local\fusioncache.dat
[2010/08/25 18:20:52 | 000,000,036 | ---- | C] () -- C:\Users\Robert\AppData\Local\housecall.guid.cache
[2010/07/25 10:41:36 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/07/20 19:37:58 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/06/21 16:15:35 | 000,366,762 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI1423.txt
[2010/06/21 16:15:35 | 000,013,526 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI1423.txt
[2010/06/19 10:18:32 | 000,007,052 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2010/02/28 21:39:18 | 000,354,606 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI0EDF.txt
[2010/02/28 21:39:18 | 000,014,566 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI0EDF.txt
[2010/02/28 21:38:39 | 000,399,496 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI0E5D.txt
[2010/02/28 21:38:38 | 000,015,022 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI0E5D.txt
[2010/02/23 12:54:08 | 000,000,732 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps64.dat
[2010/02/23 12:54:07 | 000,000,552 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d8caps.dat
[2010/02/07 08:57:07 | 000,419,698 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI5EB7.txt
[2010/02/07 08:57:06 | 000,015,466 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI5EB7.txt
[2009/12/10 12:05:56 | 000,418,028 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistMSI6D65.txt
[2009/12/10 12:05:56 | 000,011,466 | ---- | C] () -- C:\Users\Robert\AppData\Local\dd_vcredistUI6D65.txt
[2009/10/26 20:17:58 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\prvlcl.dat
[2009/10/26 12:36:44 | 000,000,258 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\wklnhst.dat
[2009/10/25 15:17:46 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/10/25 15:17:46 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/10/25 15:17:46 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/10/20 21:49:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 21:49:09 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/13 19:14:51 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2009/09/13 11:51:59 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/08/14 09:52:05 | 000,740,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/11 16:07:22 | 000,055,296 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/08 11:23:36 | 000,001,234 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/07 10:11:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/05/13 02:57:09 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/05/13 02:57:09 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== Files - Unicode (All) ==========
[2010/12/07 22:48:11 | 015,431,430 | ---- | M] ()(C:\Users\Robert\????/TABOO.mp4) -- C:\Users\Robert\倖田来未/TABOO.mp4
[2010/12/07 22:43:25 | 019,301,574 | ---- | M] ()(C:\Users\Robert\?? ?? - Selfish [HQ].mp4) -- C:\Users\Robert\倖田 來未 - Selfish [HQ].mp4

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


OTL Extras logfile created on: 04/02/2011 10:58:22 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Robert\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 73.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.56 Gb Total Space | 108.44 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
Drive D: | 14.08 Gb Total Space | 1.98 Gb Free Space | 14.09% Space Free | Partition Type: NTFS
Drive E: | 6.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3153312104-1599786319-2169677723-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BC 3D A6 BD 4B FE CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3EDA23-A0D3-4A94-8373-DA8F56C92FE6}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{11A5707C-B8F8-47B5-B34C-9778BC7A7067}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{16FD2341-D596-486E-95AE-4C93A1F315D1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{21292D5B-28BA-4F02-B4A4-615BD1C7D834}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher |
"{2349EB50-1F37-426C-914F-44F3C425E4E9}" = lport=3390 | protocol=6 | dir=in | app=system |
"{2E285279-AD54-4C00-98AB-6C49B45EEBC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38297B77-25F7-4593-AF9F-53EA8BDFAF8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44FBA535-3169-4D6A-9D0D-2A22DA8E4ACA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4857E12B-A004-42B7-B10F-575108DFB3AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61C777F0-A147-4961-AE90-A7DA5C3A194D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62F57990-31CB-43FE-8A30-44617305BC22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FF335F2-5610-465E-9D05-21895A7E8E64}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{7D91F533-049B-4A7E-AAB2-A86E93BD27E1}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{80DE03A6-EAC6-4D24-A260-7F73D3FBA3AE}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8753FBF8-D890-4EFF-B63B-9BFEEA3344C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C1A0BCC-BCB0-493B-BFBE-A7D7D8F78023}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E8E159A-8F4F-4C06-8F12-15BEDA93567F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F5CF382-455C-48CC-BABD-471547510D44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9381B299-D4A5-489A-919F-8D2D331EB79C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{96984BBA-7110-42F7-9DFB-9EF855830B0D}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{9A2BE946-D5E3-49AF-8D08-D6B96F65A6BA}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher |
"{9EBE4580-3E51-4009-8922-4845A5D137C3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B3950284-E4F6-456C-BAEA-9C2341A28C7C}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{B3A8008D-7704-41E7-A742-79A5E9B81C0C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B89326C1-1393-488E-925C-70AC394D2653}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BE41E6B2-93BA-450D-BC75-70CEE8ADE28D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D0466B49-DBE3-40FB-AAF6-B90B86A1B8C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBC7C70A-7E2A-44DE-9B8A-528B044D5884}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC56DF28-50A9-4F2D-9E2F-8675C46A8A29}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F31FBA69-D1B7-4421-BE5B-11AB0A2182AD}" = lport=10244 | protocol=6 | dir=in | app=system |
"{FD7D73DA-AE58-42F7-9956-066C47214946}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FEA5DEF8-FC98-4562-BDE5-6E399452F163}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01809AFE-3D8A-4822-8572-FD5373CC83B4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{0503B469-38BC-4614-8F53-4C4A8DE260A5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"{06488217-4B32-446A-A5E4-BD8FEE92EF16}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{07531561-3838-45FC-86FF-B59B128AAA9D}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{09A8E000-5C3D-4DB5-B4F9-2767FC5E1EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth ™\game.dat |
"{09ED7747-854A-48CC-9826-4338A0B02E13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum - demo\binaries\shippingpc-bmgame.exe |
"{0BFD7EF3-EB1C-4772-A643-2027F6F3F51C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe |
"{1173F1D6-01DF-4219-A381-3A4606DEF8F8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{12CB6DC5-7F3B-43FF-84E6-F9D53A0B48A4}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{165C87BF-10F9-4557-B0AA-57E24E371610}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guild wars\gw.exe |
"{16E2B218-57CE-4294-91D4-80E211656E8E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{16F7004C-907C-4A17-8DAF-E70963181860}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1735C0F5-404D-403A-A3A1-22D942C369DB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{176116B0-B1AF-4FF8-A64C-C08C8C956C64}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{17B5D095-87FD-4835-B732-620896B429E7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{188B57E9-BF7B-4299-B98D-5BD8BAACD33D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor mp beta\mohmpupdater.exe |
"{1DD51867-52E5-4C78-BA9E-34DC25757EC6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1DD96796-B2B2-4E30-B17E-2AD5F8B1F84B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{1F6D29A2-DF18-4FE7-A8BE-889A17B757E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"{1FE84D86-87F0-49EF-9FC2-04E9D051B5AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{22DEA2BA-AACA-4048-A075-B3617C84E326}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{258D626B-8F3E-435C-921F-BAA562EAE4FC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{272CA05D-E9DB-4417-A40A-52C08E27016D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{28DC13A0-A10F-4462-8612-440C39920A9F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{293E1195-733D-461A-9208-89FB65038892}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{2A8600B0-D743-41C3-BBAD-016BE885C314}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\zombie panic! source\hl2.exe |
"{2CDA6006-1197-4B85-9FAF-42F6CE5E4CCE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{2DAC35C2-29E7-42B9-847E-13A6528AE96A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{2F023BD0-C65E-423E-8A48-5F3FB47D2BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{30C09D15-F6C9-472A-9E06-2B5BA7E691DD}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe |
"{3217980F-CE3A-4C82-AEED-8E69E5E2D4DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{32BCD81E-8F62-4FFB-B23B-DC45696CD1BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{33B180C8-03A5-4097-A322-5B8BA644CCD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe |
"{33B6BCFA-8A3D-45D5-ADBC-C23CC44AFBAA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{354404E6-529A-406D-BE0D-8F13869FD7F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution beta\dow2.exe |
"{37B10996-BACE-48E1-A506-D1EC368D0317}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum - demo\binaries\shippingpc-bmgame.exe |
"{38A020AB-1732-4F74-8707-8A2812717C28}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe |
"{38A93FBC-49BB-4009-B554-83C25D9ECA6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\masseffect2launcher.exe |
"{3996815B-E316-426C-AE2E-3D433F90CDD2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{3B58632C-A460-42DB-B4CF-FC47DF1FFDBB}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{3C8F7B42-6E6D-413C-A318-98D2105F14F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{3CC67A63-F3FC-46E1-A415-040B565F417D}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{3DEE5B1E-13AE-4039-B0EB-4342F950EA0B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{3EB803E1-F250-4AEB-9851-2F7AB34C2B7B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{4260616C-67F5-4AB9-B718-2EBD688C3946}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{4401E89C-BEDD-44B0-8D6F-EB7EFBB312B6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{458EA43A-BB1A-42AF-A555-F5A10AF0E898}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{45D9D3BD-CA29-4595-8530-557D4F74902C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe |
"{46ED272A-1CFD-4F73-961A-1C0264999262}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{47467BF1-E9C1-4FEB-90F7-3A1A4C837678}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{4810ED5D-F9C0-4FEE-850A-C5066910EA55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\docs\ea help\electronic_arts_technical_support.htm |
"{48F5D30F-E2AC-46B2-8DBB-194AA339E83F}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{4D619666-35C8-4506-AED0-4C7A25869B20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{50ED2A93-4D7F-4A97-AF73-2F3EF0FBB355}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{510DC388-6049-480B-8683-4B48E5DB8684}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens versus predator classic\avp_classic.exe |
"{51EDF26C-35E2-4B59-B88F-11FD72BEC866}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{5284E05B-7219-4676-BD53-D069405C63E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{57600CD3-5248-4D18-81A9-C7E081D96F30}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{580DB6D5-D346-4D38-8F38-C5F6B1BD49E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\half-life\hl.exe |
"{5A67A057-1CF2-4383-A4CC-A1F2F587F15F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{5B5B3369-6066-4364-98A1-7A40EEDB3CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{5CE51D38-6A55-4DEE-AD3C-3CFB4373695D}" = dir=in | app=c:\program files (x86)\thq\relic entertainment\company of heroes online\cohoseeder.exe |
"{5D3380CB-1472-40F9-B56E-0F3BBE290610}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\zombie panic! source\hl2.exe |
"{5D5CAC41-7481-4FAD-BF9F-A2C310EDAA83}" = protocol=6 | dir=in | app=j:\sst\utilities\norton removal tool\symnrt.exe |
"{5E62DDBA-6896-4B84-92B2-C8A4CEF7EC75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{5F0F3DFB-7C29-4382-902A-2A3826BB85BC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{60ABC653-E413-4BA1-B88D-2CA4EE8BE57F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{611CC47D-5A2D-4235-BE06-F8C93C53BD98}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{6231E466-825B-44E0-8320-29737A1B3A1C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{64095076-4A66-4F46-ABC2-5D79734257BA}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{6610E939-937C-42DF-B965-1BFE4B69BAE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"{68FAB370-BFB5-4273-AD60-2FAD18E923E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\docs\ea help\electronic_arts_technical_support.htm |
"{6977FBB3-B0A5-4B84-BC43-7777383332B7}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{6BA8E9F1-A381-496C-B998-B2F21EFECC61}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6C25102D-8E5C-43C1-9AD8-638E019D77E4}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{7035E287-34DA-4444-8E7D-C8C330585716}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{706C3BE2-B618-42E5-91CD-96BAE8667B40}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{74A5482E-6F0F-4AE5-BEB9-DCFBDE11776A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{75F77FF4-208E-4DC8-8D62-664D5E4361C9}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{78A617A3-611F-44B7-BAD3-DF4F509CB79D}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{78B88BC1-B8DB-48D7-A173-F7A86EC083B1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{799778E7-A9D4-4D95-80D8-3464EA13D7AC}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{7A18AE98-76B4-48D8-8ADB-7BC9239F0E36}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{7AECDE4F-40D7-4B69-80F9-AE4998D93BF2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{7D0CC0D8-31D7-410F-930C-DE4E4290BEB9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{7E20C2C5-058F-4395-AA14-F6AF93C025C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{827903EF-14F8-4CA9-A2F6-A5F716C198A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\counter-strike source\hl2.exe |
"{829E3897-5065-437B-B604-757FAC6CE0FA}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{86C42E3F-F0DB-475C-B203-AA2FB5E57C30}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{8CA24EE5-7B9A-4EDD-B9B1-0A8203D8D30B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{8F576607-A413-448B-A042-73F82B5E509F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\half-life\hl.exe |
"{9239D2B0-DFC7-4A4E-882A-14A5AA9CEF39}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{94B94D8D-45B2-47B9-BB29-F9874A18A68C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{94C87E5D-2D26-491B-BC05-E36277E38A85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{954F25F2-F336-4134-963E-F90FA699912B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{960A5BFE-DD39-4C7B-A14C-A65606B7E06D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{964FCA0F-6E60-4344-A1C2-B17222EEC147}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{98D4AA65-869F-4795-8CED-336760EC91C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic.exe |
"{98E63F2D-D68E-49AA-9095-143FAEFF698F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9B5B7E50-72E0-4FE8-95EC-0639B381E617}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{9BE7175C-0801-4BF0-BC70-BE2FF81AB40B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{9E9B223C-24CA-4BE5-A38E-BC743F00621C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{A037BB1F-8116-4F8C-BBD7-E25DCE3B08DA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A05C1727-80E2-4093-9C1E-EC891D91AF1A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{A0AB6512-A2FA-4AA9-A592-3DB44D21AC7C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{A0C16D34-61A1-4176-9120-65372495993A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{A21FCC96-25F9-4EB9-99CB-57FA469CB1EF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A2A0DF75-89E9-4549-9BF9-4CFE63A58F9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{A46E7EE1-A5E8-4438-9344-09F14729C39A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"{A59E5B5F-4E1A-4E91-B4BB-58A02573F065}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{AA00A370-676D-4D5E-A1E0-E4F45A846C87}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor mp beta\mohmpupdater.exe |
"{AD4EC6AB-69DC-4520-8F02-1EBE13D723BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{AE739DC2-8799-4FEF-BFA9-D4FB55F63854}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"{AF5B52C6-A4BC-4641-BD1E-EEFD865041D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{B019E6E8-2093-4CA0-B651-1B8C577CD8CA}" = dir=in | app=c:\program files (x86)\thq\relic entertainment\company of heroes online\game\reliccohoww.exe |
"{B20E037D-1534-44E5-9D14-11BD8FE42322}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B3DE9DC5-B46B-4934-9064-5F60E3274DBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine demo\trine_launcher.exe |
"{B534AF53-BD7B-4BF4-9994-8488815519A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{B548C704-985D-4CF0-B407-C1F1121DD588}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{B6B3A747-84E4-4AD0-967A-D6C72069B8FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{B6DFAA1E-F017-41FC-9897-2C7DD5567A89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B74F20E2-E41C-4C8F-A5D9-ED68A84EB46A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B84FC324-7960-4043-873D-A920A3E3E8D5}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{BA5C420B-77CF-4BB3-AD3E-19F10B1061B6}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{BB3D5E88-72F5-46DD-83E9-CFDEB8C12446}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{BEEA2ADF-3957-4894-A531-7B928343DD55}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{BF7E768D-D095-4926-B7AA-820A5F2FEDB5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{BF8E8DB3-2D63-4596-8371-31A3B61F748A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guild wars\gw.exe |
"{C149BDFE-3F04-4EF7-801D-22D1D1A106A8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{C1AA4FD0-6407-452F-959A-E8EE89E007C7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_online.exe |
"{C41DD58D-9899-40D7-A87A-70D0F3899438}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"{C506F7B0-30CA-443E-BEB6-93FC0C4C719F}" = protocol=17 | dir=in | app=j:\sst\utilities\norton removal tool\symnrt.exe |
"{C64894C6-2EF4-4BD4-BEDD-6FF0C1CFD569}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution beta\dow2.exe |
"{C6D8A20A-BFE5-4901-B672-A3C6A8FF6007}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{C71B34F5-2468-4C15-8F36-90EA0CF43BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe |
"{C733B974-04E9-4826-9A23-BE59BFF00A95}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{C7411BFB-B1D1-4A79-A267-A5BE3DE60B84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{C7B64DCF-7D5B-4E9D-BC99-B8876A098DDF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C8AD4AEE-91B8-4390-AC67-B1E5B374B309}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{C90C1D70-D8AF-47ED-95ED-D978C239CD1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe |
"{CB44E54D-B47D-4F50-AF5C-614C4C2D026F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\counter-strike source\hl2.exe |
"{CBF17193-7E68-4664-96D0-0B85B77026D0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{CCA7668F-08CB-4173-84AA-C375D59B59A9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{CD016F5B-C6DE-4AFC-A97F-DAA428565900}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2 demo\masseffect2launcher.exe |
"{D0BCC1DA-176E-4FFA-A793-C486B02ECA47}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{D122009A-34E2-4728-84BC-4CD47036F66D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{D1306425-E7F9-4D27-94D2-57E5B340AFCD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D154945E-1D38-408D-B922-7E2F0E52BCE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"{D1BF4DB6-BC25-4EAF-88D9-1E2F84A9BC66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{D3A18475-3B55-41D8-9725-E25B345E1150}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D7B585C7-F61F-4AB9-BBF7-D0C13D128831}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{D98F4A72-2582-4823-8043-CF2A5BE9B0EB}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{DA824A29-7F8E-4EEC-9187-075ECF116268}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{DB2E1CC3-7927-47F4-95DC-E950A4351C9E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{DBEE9527-31AF-4CAC-82E0-73762715B7A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens versus predator classic\avp_classic.exe |
"{DF340F28-7352-46CF-8541-D0613487A660}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade warband - demo\mb_warband.exe |
"{DF944871-C40A-44AD-A469-2E747A96BFEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E2E51E20-8F63-42C0-B015-203BC91E98B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{E960C1B2-758B-4177-8483-E9E167CF728C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{E97B4F0D-0421-4EA6-910D-3D5820551545}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{EA6A1340-B445-4842-9BB2-62AAA8D47393}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\world in conflict\wic_ds.exe |
"{EB0F3EA3-4E56-4EA0-8E98-6C2F95DD97AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth ™\game.dat |
"{EBFF8598-9ABF-47C4-B0EE-B5A31D9E3454}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{EC9AEF34-3B96-4688-835E-53CB479D6E62}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{EDB24750-9B89-4733-BEC3-43ED1B9D44FE}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F17C3F6B-DE22-4925-B0B2-4B6760A6A097}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\zombie panic! source\hl2.exe |
"{F339DC16-2A11-493F-9D25-F0600CDCEBB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade warband - demo\mb_warband.exe |
"{F3D4D660-C12C-4B3B-9F79-B5F89527C56D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"{F5367FC6-3253-49B6-8EDE-5DE2CFCFB5F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\zombie panic! source\hl2.exe |
"{F5405D0F-5072-48D8-B9EF-C2F06EEA0EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{F68F77ED-D8D4-466D-9872-DB3D6C0B6C8A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{F714CCA3-8E94-4614-94DB-D758B7B4F3C7}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{F7359555-6F19-4EB6-AAAA-68CE216898D4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{F76B22DD-94D7-4E53-AD15-2598A9909BFF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FC78A69F-34D0-4CF0-8902-F2B926279A8B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FE26D91E-BDA8-4C5E-97B8-38CF7F3BE468}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{FE9AA6A0-4131-488D-BFB2-E5F3611F5BF8}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"TCP Query User{02CA0219-2171-4995-BE85-BA6148A77A63}C:\program files (x86)\steam\steamapps\common\order of war - demo\oow_final.bin" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\order of war - demo\oow_final.bin |
"TCP Query User{038FDDFB-8502-4CBC-8006-F9535512171F}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"TCP Query User{0AD9C1A9-EDCD-4942-B908-0F08E2FE63D2}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{0BFE2695-8F01-4DA2-B10E-89DB9B3753B2}C:\users\robert\appdata\local\apps\2.0\mnawym40.phz\emgxocre.wja\coho..tion_4fdd38d166a17713_0001.0000_c5a533e89f52d1af\coholauncher.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\apps\2.0\mnawym40.phz\emgxocre.wja\coho..tion_4fdd38d166a17713_0001.0000_c5a533e89f52d1af\coholauncher.exe |
"TCP Query User{0ED70D23-B260-4492-9ED0-8197EE96E03A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{11DF5B9B-C9DA-44BD-8DDC-7123E068E1E8}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{1EA392F6-EF49-4F40-8E54-C17CA95CB1CC}C:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe |
"TCP Query User{21BF5C00-0E68-4A53-A22F-A779279BFC96}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{26DF6B68-E9F5-4FF3-9488-A76C5D5A5117}C:\program files (x86)\namco bandai games\warhammer mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\namco bandai games\warhammer mark of chaos\warhammer.exe |
"TCP Query User{2B64DD7A-BF7C-4E2B-A859-A26B28C9E2AD}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{326AC8A6-CB1F-4155-BE05-DD5BF488E5E2}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"TCP Query User{327482C5-5FDF-4EC7-BA0D-53B923BA4C9C}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe |
"TCP Query User{34D83333-8463-4ECA-8BEB-E867DF8060F0}C:\users\robert\appdata\local\apps\2.0\mnawym40.phz\emgxocre.wja\coho..tion_4fdd38d166a17713_0001.0001_2a7d0e5b85b7372f\coholauncher.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\apps\2.0\mnawym40.phz\emgxocre.wja\coho..tion_4fdd38d166a17713_0001.0001_2a7d0e5b85b7372f\coholauncher.exe |
"TCP Query User{3C212964-3909-4CA5-8164-BFDCE2CD43A8}C:\program files (x86)\steam\steamapps\[email protected]\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\counter-strike\hl.exe |
"TCP Query User{406A2C51-58ED-45A7-8B9F-39522BDB7768}C:\program files (x86)\steam\steamapps\[email protected]\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\half-life deathmatch source\hl2.exe |
"TCP Query User{41BBD1AC-12E2-44E1-B5E5-C331E08D57F0}C:\program files (x86)\ea games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mohaa\mohaa.exe |
"TCP Query User{4C4D9116-31D1-435D-ADFB-4758398B4317}C:\users\robert\downloads\sc2-battlereport-4_esrb-downloader.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\sc2-battlereport-4_esrb-downloader.exe |
"TCP Query User{50FE4B88-1E48-439F-8B99-A77EEC4C7B24}C:\program files (x86)\turbine\the lord of the rings online - public test\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online - public test\lotroclient.exe |
"TCP Query User{51360415-72FD-43F0-BCBB-4264E22C17E8}C:\program files (x86)\aspyr\men of war\mow_mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aspyr\men of war\mow_mp.exe |
"TCP Query User{567EAD45-15DE-46F7-B953-FC0D0005BAB0}C:\program files (x86)\steam\steamapps\[email protected]\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\half-life 2 deathmatch\hl2.exe |
"TCP Query User{57BB03E5-AD84-49DE-AF80-279D0510E436}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{5A7AC3E4-69D2-4336-A7AF-86B4278DAA38}C:\users\robert\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\temp\electronicarts_patcher_000.exe |
"TCP Query User{60A453C7-6228-4F1B-A7DA-D1D501114182}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{619E9BF3-F3CD-4163-AC75-D5257FF791F9}C:\users\robert\desktop\starcraft ii beta\starcraft ii.exe" = protocol=6 | dir=in | app=c:\users\robert\desktop\starcraft ii beta\starcraft ii.exe |
"TCP Query User{625EED4C-F1DC-4F1E-8B27-F9B851D9E804}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{640E6B50-5B5D-4C77-983F-1837F64B1903}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |
"TCP Query User{658DCF28-460F-40A9-B926-2E66B82F8456}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |
"TCP Query User{67F0ED59-26A1-4A24-829E-B0399469F265}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{6CC0D877-AF52-42A3-B542-AD28DFC14967}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"TCP Query User{778CCE3D-2FD4-436B-B19A-1F854C5AAA0D}C:\users\robert\appdata\local\temp\39b8e855c29f4563a0ff0719b9410531\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\temp\39b8e855c29f4563a0ff0719b9410531\relicdownloader.exe |
"TCP Query User{78FAC2C6-F873-4E56-B07E-089DD0CDC5E1}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{7A850E52-FF2E-4A6D-92F6-2ED8F928E6CF}C:\program files (x86)\steam\steamapps\[email protected]\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\insurgency\hl2.exe |
"TCP Query User{7D7C0F5E-58B5-4EC3-B561-5F35629BBECD}C:\program files (x86)\starcraft ii beta\versions\base15655\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15655\sc2.exe |
"TCP Query User{7DC48074-79CE-4DFE-9F59-C10C9279F764}C:\users\robert\downloads\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\downloader_diablo2_lord_of_destruction_enus.exe |
"TCP Query User{808AC59F-6A73-4103-9864-213405ED2B90}C:\users\robert\downloads\starcraft_2_beta_enus.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\starcraft_2_beta_enus.exe |
"TCP Query User{813E4369-EF11-4232-9FDD-E0B6B160DEB0}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"TCP Query User{94B5006F-4863-4262-8DE5-40FD229A6998}C:\users\robert\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\downloader_warcraft3_the_frozen_throne_enus.exe |
"TCP Query User{9907753A-5D94-4201-981D-3D6603B976A8}C:\users\robert\downloads\wotlk-intro_en_us-downloader.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\wotlk-intro_en_us-downloader.exe |
"TCP Query User{9A2036CC-8673-4C5B-A261-8C5399B9AEA0}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{9AECA470-E6AB-4EE4-9EFA-E6943568CA99}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"TCP Query User{9C2227F4-C669-47BD-B867-332DB0656320}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"TCP Query User{9CD104F7-A855-4A66-9EF4-8C4563B20C46}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"TCP Query User{9F542A39-FBB6-4F38-82C6-F2A2E8215BB6}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{A3C50EBA-D7B9-46A8-9651-F2FA889F7123}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{A468DBDB-D2C8-4038-8245-F7C8F2915E1A}C:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat |
"TCP Query User{A9CDD483-E749-49B0-9CE1-9785D79731B1}C:\program files (x86)\electronic arts\command & conquer 4 beta\data\rts-final.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 beta\data\rts-final.exe |
"TCP Query User{AC52D57B-D637-485F-B960-C376FE1834DF}C:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\patchget.dat |
"TCP Query User{AD38E425-0B80-4618-BB00-D35D9BA8EE66}C:\users\robert\appdata\local\temp\78f52f17403d46819198b9e422ea73c8\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\temp\78f52f17403d46819198b9e422ea73c8\relicdownloader.exe |
"TCP Query User{ADE238C5-F986-463F-85F8-E8E149677F68}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{B12EEB34-B0FA-4C6B-BEC8-11A4ED065537}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe |
"TCP Query User{B1F88AD3-F14F-4EE5-B590-EF3BF109BD14}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{B8864349-AACB-4302-898A-B7F6FE2F2EFC}C:\program files (x86)\starcraft ii beta\versions\base15580\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15580\sc2.exe |
"TCP Query User{B9606CBA-ABF3-4D53-97F3-3F257C146C26}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"TCP Query User{BDD96067-78C2-4434-B4FC-7A84ECAF7C3F}C:\users\robert\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\mtgoiii_helper.exe |
"TCP Query User{BECAEDAB-2550-4CDF-9A28-284DD3A2F72F}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"TCP Query User{C04EB5DA-D40B-45AD-9832-FAA5827E10B7}C:\users\robert\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{C457F8AF-01CD-4AD8-A95C-FBFF114E09E2}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{C7DBF753-4AFC-4253-B5A3-6113A1830439}C:\users\robert\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\downloader_warcraft3_reign_of_chaos_enus.exe |
"TCP Query User{CCD1C91F-A48C-47DB-8A9F-907DBF1D795C}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"TCP Query User{CCFBA814-47A8-4397-8377-29E804080CD9}C:\users\robert\documents\my games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\robert\documents\my games\warcraft iii\war3.exe |
"TCP Query User{CD218D77-BB2F-4D2C-8248-F67BE73A8E0C}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{D0BC0994-D68A-4487-9BB2-413A7800C3D4}C:\program files (x86)\electronic arts\medal of honor mp beta\mohmpgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor mp beta\mohmpgame.exe |
"TCP Query User{D32F58F2-B5D8-4751-8471-91E841F67E3E}C:\users\robert\downloads\announce_trailer_en_us.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\announce_trailer_en_us.exe |
"TCP Query User{D5AFA3B5-139B-4BBE-8575-20E44C4A9379}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"TCP Query User{D6DAB67E-B66C-48EF-BD34-47D01DBF5505}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{D96AE7EC-7BF7-448E-B330-ADF2B02AD216}C:\users\robert\desktop\starcraft ii beta\versions\base14259\sc2.exe" = protocol=6 | dir=in | app=c:\users\robert\desktop\starcraft ii beta\versions\base14259\sc2.exe |
"TCP Query User{DA9986BC-310A-4FAA-BB07-E40DE0FC5213}C:\users\robert\downloads\downloader_diablo2_enus.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\downloader_diablo2_enus.exe |
"TCP Query User{DCB30041-5184-49C6-8309-37E8739AC110}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"TCP Query User{DCC2571E-D945-45A7-A221-D8F045894C89}C:\program files (x86)\aspyr\men of war\mow.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aspyr\men of war\mow.exe |
"TCP Query User{DD5B71C1-246D-4741-AD09-4919CCD99001}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{DDB954B6-6F92-49B1-972A-8D58D745C317}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{DE04FEE6-468B-4DA3-A947-BAA123E525AD}C:\program files (x86)\starcraft ii beta\versions\base16036\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base16036\sc2.exe |
"TCP Query User{E1E68222-84E3-48F7-A15A-D8874F61F247}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"TCP Query User{E37B1417-4F07-4558-8D12-4174439BAE30}C:\users\robert\documents\my games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\robert\documents\my games\warcraft iii\war3.exe |
"TCP Query User{E5443E2B-A984-47A3-AD29-71626FB6DC22}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe |
"TCP Query User{E5AC3B9A-A670-4CB6-A595-971AF7EA9026}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E6CDC6BC-3CC0-4A19-A474-D18FBEAEC4A5}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{E722E83A-898E-495A-B07B-28F412081363}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{E7505237-617B-4BEC-9E90-C985654997AD}C:\program files (x86)\timegate studios\section 8 open beta\binaries\s8game-f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\timegate studios\section 8 open beta\binaries\s8game-f.exe |
"TCP Query User{E9F5B3DF-2D71-404E-B23E-7B07C91346B7}C:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe |
"TCP Query User{EF32F6FB-C219-4B05-89B9-7938135F4356}C:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"TCP Query User{F7A328CD-42C3-4D57-9E44-100377DC38FA}C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe |
"TCP Query User{F7DAEE8A-973D-48CD-9345-D1A274A16B90}C:\program files (x86)\steam\steamapps\[email protected]\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\source sdk base\hl2.exe |
"TCP Query User{FA03247E-7C24-402D-BBA8-08349B5CADA8}C:\users\robert\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\robert\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"UDP Query User{00BEAC74-364D-42E0-A9D0-C5EEAD997377}C:\users\robert\downloads\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\downloader_diablo2_lord_of_destruction_enus.exe |
"UDP Query User{00EB2329-A49E-4FAD-88C2-D9F86023DF04}C:\program files (x86)\namco bandai games\warhammer mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\namco bandai games\warhammer mark of chaos\warhammer.exe |
"UDP Query User{028459D2-7954-4320-ABDA-AAAB07273FF1}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{04EECB62-C1EC-4758-97B3-42BF85D038D7}C:\program files (x86)\starcraft ii beta\versions\base15655\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15655\sc2.exe |
"UDP Query User{05490579-0825-41A0-BD32-E5811553D2AD}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"UDP Query User{08B309CA-F861-4FBF-9F20-483079C05D04}C:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\day of defeat source\hl2.exe |
"UDP Query User{1380EEF0-8DAD-4BA8-8390-37B4AC35F21F}C:\program files (x86)\electronic arts\command & conquer 4 beta\data\rts-final.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 beta\data\rts-final.exe |
"UDP Query User{13A0F52C-0847-488F-AA37-339519B18F41}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |
"UDP Query User{165CC2F9-69AA-43C1-844C-2BA41C83648E}C:\users\robert\desktop\starcraft ii beta\starcraft ii.exe" = protocol=17 | dir=in | app=c:\users\robert\desktop\starcraft ii beta\starcraft ii.exe |
"UDP Query User{1CF55054-44CB-46F2-8F8A-3455498FDD7D}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |
"UDP Query User{1E6E2871-6E10-4152-861B-1C410B691D01}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{1E8105D8-89A2-4A50-A52C-AD05203990CD}C:\users\robert\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\mtgoiii_helper.exe |
"UDP Query User{20ECDF96-139F-4BEB-9F1A-19AF9390760E}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"UDP Query User{2321EEF8-1C6B-4FCA-BC41-5422E54FC02F}C:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat |
"UDP Query User{2A23EF10-68A3-469A-9B87-D27BA2AC8EE4}C:\program files (x86)\turbine\the lord of the rings online - public test\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online - public test\lotroclient.exe |
"UDP Query User{35526683-D77A-4618-A1C2-D5DC88DE9501}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe |
"UDP Query User{387E9CAC-26AD-4B99-AE70-6BBE31BD1FCE}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{3BC8190B-5724-414D-9336-EFF792327CCB}C:\users\robert\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{3CC82BFD-282E-40B2-A460-D377EB92EA50}C:\program files (x86)\starcraft ii beta\versions\base15580\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15580\sc2.exe |
"UDP Query User{3DA41D72-DBA9-4686-994A-33C2E6BAC2A7}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"UDP Query User{40B4E076-5EF3-484D-B622-DB34A24FA6A3}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{4254B8FB-C1B8-4B8C-8CB1-6F3E71095FFC}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"UDP Query User{442BC155-66F3-44A7-9317-9B941380A365}C:\program files (x86)\timegate studios\section 8 open beta\binaries\s8game-f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\timegate studios\section 8 open beta\binaries\s8game-f.exe |
"UDP Query User{488CED7D-0C69-46F1-A0B1-CFE82335AE64}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |
"UDP Query User{4DFDF1DA-9A58-423F-9608-DFB956BEEB65}C:\program files (x86)\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40kwa.exe |
"UDP Query User{5CE737B7-7324-4B97-A53A-044A4F2AFBE3}C:\users\robert\desktop\starcraft ii beta\versions\base14259\sc2.exe" = protocol=17 | dir=in | app=c:\users\robert\desktop\starcraft ii beta\versions\base14259\sc2.exe |
"UDP Query User{5F4D04D9-ADF3-40A7-973F-444DACB035F7}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{637F05F9-D546-44CF-9502-C35194A2D30D}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{65499EF6-91FD-4B69-8236-642E855726D8}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe |
"UDP Query User{6561C476-67D9-4E9B-9A96-59F95CB3D8E6}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{6A28B345-C99A-4D17-9BE5-5AD87EBB5E78}C:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"UDP Query User{6CAF4887-4236-4E68-AADF-F0A1C1F05310}C:\users\robert\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"UDP Query User{7008FCD5-098C-47B1-AF5B-ECF2A6AD6365}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{722BA8C0-1C97-42B8-84F8-9A5A2A225CBD}C:\users\robert\appdata\local\apps\2.0\mnawym40.phz\emgxocre.wja\coho..tion_4fdd38d166a17713_0001.0000_c5a533e89f52d1af\coholauncher.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\apps\2.0\mnawym40.phz\emgxocre.wja\coho..tion_4fdd38d166a17713_0001.0000_c5a533e89f52d1af\coholauncher.exe |
"UDP Query User{73B3A41B-CE5E-4B25-9222-D228B18FD131}C:\program files (x86)\steam\steamapps\[email protected]\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\insurgency\hl2.exe |
"UDP Query User{75A09FCB-1B96-4800-B856-9B7EE2387CA8}C:\users\robert\downloads\starcraft_2_beta_enus.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\starcraft_2_beta_enus.exe |
"UDP Query User{7AD01B80-6B67-4EF0-BBA2-9304E92A9DE9}C:\users\robert\downloads\downloader_diablo2_enus.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\downloader_diablo2_enus.exe |
"UDP Query User{7E75C739-BD02-4E6A-908A-14C981B0853F}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"UDP Query User{87CFE9EE-9920-460F-AA18-154569A0CB07}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"UDP Query User{8931C2DA-2B43-4CB5-AF58-FBE9C7B5F3D6}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{89E32A33-54B5-41C5-B5C6-E7D2A626321A}C:\users\robert\appdata\local\apps\2.0\mnawym40.phz\emgxocre.wja\coho..tion_4fdd38d166a17713_0001.0001_2a7d0e5b85b7372f\coholauncher.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\apps\2.0\mnawym40.phz\emgxocre.wja\coho..tion_4fdd38d166a17713_0001.0001_2a7d0e5b85b7372f\coholauncher.exe |
"UDP Query User{8D30CF74-D975-4E3D-89B7-20E1D8D5649B}C:\users\robert\downloads\announce_trailer_en_us.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\announce_trailer_en_us.exe |
"UDP Query User{93978990-00DC-4C20-A5C8-B4AF8BEA5FC8}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"UDP Query User{95892013-BF2B-4594-A764-BE1B00305A38}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{9C42C060-9552-4BF8-A56C-326CE7D7F51E}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{9CD67F98-04A9-483A-B664-78B681BE163A}C:\users\robert\appdata\local\temp\78f52f17403d46819198b9e422ea73c8\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\temp\78f52f17403d46819198b9e422ea73c8\relicdownloader.exe |
"UDP Query User{9D0F729F-371C-4186-8D58-7DCCFDA4D173}C:\users\robert\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\downloader_warcraft3_the_frozen_throne_enus.exe |
"UDP Query User{9F4EB53B-6531-4046-9031-3D93B4736B04}C:\program files (x86)\steam\steamapps\[email protected]\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\half-life 2 deathmatch\hl2.exe |
"UDP Query User{A4A3CEEF-F83F-476F-B993-7D2FA06DB739}C:\users\robert\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\downloader_warcraft3_reign_of_chaos_enus.exe |
"UDP Query User{A824E4DB-FDA4-405F-A93F-05435FD6CDA5}C:\program files (x86)\steam\steamapps\[email protected]\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\half-life deathmatch source\hl2.exe |
"UDP Query User{A9EF0423-C9DF-4237-B8EE-B5A42B41D51E}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"UDP Query User{AA4AB842-8773-4EC7-BDB8-844ADAA106D7}C:\users\robert\appdata\local\temp\39b8e855c29f4563a0ff0719b9410531\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\temp\39b8e855c29f4563a0ff0719b9410531\relicdownloader.exe |
"UDP Query User{AA64730A-C854-41B5-AD0B-BD6F7F4F046C}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{ABD21B1F-4D76-4F33-A5EA-F9274949208A}C:\users\robert\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\temp\electronicarts_patcher_000.exe |
"UDP Query User{AC2F3DF7-6562-4695-BBCE-3F80A76A1CF4}C:\program files (x86)\electronic arts\medal of honor mp beta\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor mp beta\mohmpgame.exe |
"UDP Query User{AD0DA380-C289-4CFD-B467-54CF79F42D56}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{ADB1920D-7AAF-49EA-B0F1-4FA88995813F}C:\users\robert\documents\my games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\robert\documents\my games\warcraft iii\war3.exe |
"UDP Query User{ADFD0FE0-EF6F-4BB0-BCA6-DCE0691E0550}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"UDP Query User{AFE7B958-7D40-4337-8B4C-43BA4285FFC7}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{B44B5874-83D4-4B9E-A4C3-A0657C765A24}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{B85ECBFE-72B0-4F8A-8F57-A3B6975395C8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{B9092BA2-6625-4D99-B570-679069948B7E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{BD6741BD-2882-494E-A700-F149AB733C7E}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{BEA3CECE-16AE-4828-ACF7-169925CA03F7}C:\program files (x86)\steam\steamapps\common\order of war - demo\oow_final.bin" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\order of war - demo\oow_final.bin |
"UDP Query User{C04A0FE8-78FC-4D48-9886-E14E51373F1F}C:\program files (x86)\aspyr\men of war\mow.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aspyr\men of war\mow.exe |
"UDP Query User{C29302DD-30B9-4C8B-8456-1A593448E1B5}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{C4B431D1-4985-4CD2-B54C-5AC597082896}C:\users\robert\documents\my games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\robert\documents\my games\warcraft iii\war3.exe |
"UDP Query User{C4B78AAE-3E77-4701-838C-C5F289406083}C:\users\robert\downloads\wotlk-intro_en_us-downloader.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\wotlk-intro_en_us-downloader.exe |
"UDP Query User{C8306FE1-022D-4256-B0E4-B6D5F178D1AE}C:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ™ ii\patchget.dat |
"UDP Query User{C866596F-1F97-424A-920E-333326628268}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{C8F5DAE2-F399-4461-BF80-3896EEEECECA}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"UDP Query User{CABA9015-192A-4925-A2EE-3AD6A83EC38A}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{CB76ED1B-DEA9-42DB-9BAD-690E22CC80F3}C:\program files (x86)\aspyr\men of war\mow_mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aspyr\men of war\mow_mp.exe |
"UDP Query User{CD779388-D563-4D92-BAFC-5BEB02728E92}C:\program files (x86)\steam\steamapps\[email protected]\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\counter-strike\hl.exe |
"UDP Query User{D3B59712-9C0D-4B89-90C6-DC659BCC416C}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{DDD47E53-E9B2-4266-8BF3-38C531D744BB}C:\program files (x86)\steam\steamapps\[email protected]\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\source sdk base\hl2.exe |
"UDP Query User{E3A213E2-A09B-440F-BC9A-1EB31EF9DC32}C:\program files (x86)\ea games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mohaa\mohaa.exe |
"UDP Query User{F23B4C9F-C320-447C-A8EE-14246A4EFA29}C:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe |
"UDP Query User{F3CE6ADC-4A25-4876-8188-7F1A880BCA9D}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{F58429D4-A103-4832-AE02-C52579FCC13D}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"UDP Query User{F9E0823C-7542-40EA-9E35-D3EF8A3D39EC}C:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{FD153721-5939-4D34-B29B-274230631780}C:\program files (x86)\starcraft ii beta\versions\base16036\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base16036\sc2.exe |
"UDP Query User{FD4E0C34-0468-47E2-8F78-A77777397F5A}C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe |
"UDP Query User{FE75F45F-10A0-4E75-A224-0A6757D265FA}C:\users\robert\downloads\sc2-battlereport-4_esrb-downloader.exe" = protocol=17 | dir=in | app=c:\users\robert\downloads\sc2-battlereport-4_esrb-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FBB2E98-1A3B-396A-A662-73E17009C076}" = ATI Catalyst Install Manager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5DDF6B75-2369-4D52-9867-10EFD8878185}" = AVG 2011
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E92F43E9-D190-474E-8EAC-769E804D36C7}" = AVG 2011
"{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"AVG" = AVG 2011
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.17.5.0" = Update 1.17.5.0 for "Men of War"
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPG¸°Ù2000 ×ÝÀ²ÑÊ߯¹°¼Þ
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{442D5880-05B4-4DC8-A038-2EDA79FAE601}" = Warhammer Mark of Chaos Patch 1.03
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer Mark of Chaos
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B681A3B-C924-23F9-AAD0-9FB1715C763A}" = Catalyst Control Center InstallProxy
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth ™
"{96C39A4E-8636-439B-B439-02E908C05A2A}" = League of Legends
"{96ED9087-7A6A-22A9-135F-901AF77474AC}" = ccc-core-static
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C5531845-BB3E-4745-8D1D-F4B9163BD54E}" = Company of Heroes Online (THQ)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6E6B1D1-EC88-7270-3819-AA924908CFDA}" = Catalyst Control Center Graphics Previews Vista
"{C7027BD9-C90F-79C7-8CFF-8F32E2806631}" = CCC Help English
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CF3C3096-003A-9FC9-4715-9FC8962E35F3}" = Catalyst Control Center InstallProxy
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{F8365857-3233-E29E-65C6-6C0AB4F99622}" = Catalyst Control Center Graphics Previews Common
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AIM_7" = AIM 7
"BotB" = Battle of the Bulge
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Company of Heroes" = Company of Heroes
"Diablo II" = Diablo II
"EVEMon" = EVEMon
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Natural Selection_is1" = Natural Selection 3.2
"NuonSoft Wallpaper Cycler Lite_is1" = NuonSoft Wallpaper Cycler 3.6 Lite
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"pywin32-py2.6" = Python 2.6 pywin32-212
"Star Wars Knights of the Old Republic" = Star Wars Knights of the Old Republic
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 10500" = Empire: Total War
"Steam App 1250" = Killing Floor
"Steam App 1280" = Darkest Hour
"Steam App 12900" = Audiosurf
"Steam App 130" = Half-Life: Blue Shift
"Steam App 13140" = America's Army 3
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 17500" = Zombie Panic Source
"Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 25890" = Hearts of Iron III
"Steam App 29570" = Guild Wars: Trilogy
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 35020" = Batman: Arkham Asylum - Demo
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 35700" = Trine
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 3730" = Aliens versus Predator Classic 2000
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 47760" = Mass Effect 2 Demo
"Steam App 48710" = Mount and Blade Warband - Demo
"Steam App 50" = Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 56460" = Warhammer® 40,000®: Dawn of War® II – Retribution™ Beta
"Steam App 630" = Alien Swarm
"Steam App 70" = Half-Life
"Steam App 73050" = Magicka - Demo
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 9450" = Warhammer 40,000: Dawn of War – Soulstorm
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.6
"Warcraft III" = Warcraft III
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3153312104-1599786319-2169677723-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"477233b55d082a86" = Company of Heroes Online Launcher (THQ)
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/11/2010 3:47:03 PM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 15/11/2010 8:07:15 AM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 15/11/2010 9:50:33 PM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/11/2010 11:32:04 AM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/11/2010 1:00:43 PM | Computer Name = Robert-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 16/11/2010 1:00:43 PM | Computer Name = Robert-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 16/11/2010 6:12:35 PM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/11/2010 7:11:02 AM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/11/2010 2:02:27 AM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/11/2010 11:17:13 AM | Computer Name = Robert-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/10/2009 10:33:52 PM | Computer Name = Robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/02/2010 8:40:05 PM | Computer Name = Robert-PC | Source = McrMgr | ID = 109
Description =

Error - 12/12/2010 8:10:23 PM | Computer Name = Robert-PC | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 02/02/2011 7:06:47 AM | Computer Name = Robert-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 02/02/2011 4:40:06 PM | Computer Name = Robert-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0026183E1453 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/02/2011 7:57:26 AM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 03/02/2011 7:58:24 AM | Computer Name = Robert-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 03/02/2011 9:06:31 AM | Computer Name = Robert-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0026183E1453 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 04/02/2011 8:12:50 AM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 04/02/2011 8:13:43 AM | Computer Name = Robert-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 04/02/2011 10:20:26 PM | Computer Name = Robert-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0026183E1453 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 04/02/2011 10:22:35 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 04/02/2011 10:23:40 PM | Computer Name = Robert-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

#4 pwgib

pwgib

  • Malware Response Team

Posted 07 February 2011 - 12:02 PM

Hello MK9000,


I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate.

Please subscribe to this topic. Click on the Watch Topic button, select Immediate Notification and click on proceed.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7, it may be necessary to right-click any programs we use and then choose Run as Administrator.

Before we begin, please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7.

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If you have not done so, include a clear description of the problems you are having, along with any steps you may have performed so far.


Thanks!!
PW

#5 MK9000

MK9000
  • Topic Starter

  • Members

Posted 07 February 2011 - 04:13 PM

I haven't done anything. I've been waiting for someone to help fix the issue.

#6 pwgib

pwgib

  • Malware Response Team

Posted 08 February 2011 - 11:00 AM

Hi MK9000,


Multiple Antivirus Programs

You should never have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

In your case I notice that you have two antivirus programs installed. AVG Internet Security 2011 and Lavasoft Ad-Watch Live! Anti-Virus.

I suggest you uninstall one of the antivirus programs via Add/Remove Programs. If you decide to uninstall AVG Internet Security 2011 and have any difficulty uninstalling the AV, download Opswat AppRemover http://www.appremover.com/supported-applications to completely remove the program.



File Sharing

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.


Registry Cleaners

I also notice that you have CCleaner installed. Although it is a very good program it does contain a registry cleaner.

Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

More information about registry cleaners can be found at Miekiemoes Blog


Step 1.

CSRSS.exe is a legitimate Windows file but can be associated with malware.

Let's take a look.

Please download SystemLook from the link below and save it to your Desktop.
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    csrss*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Step 2.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to Disable your Security Applications
    Note - If you have AVG or CA installed, due to recent changes in how these AV's target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download Opswat AppRemover http://www.appremover.com/supported-applications <----Important
    Refer to this page if you are not sure how. You can reinstall AVG when we are finished and can temporarily install another antivirus if you wish. Some good antivirus programs free for non-commercial home use are:
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


In your next reply please include the following:


SystemLook.txt
Combofix.txt



How is your computer running? Any problems?


Thanks!!
PW

#7 MK9000

Posted 08 February 2011 - 08:31 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 19:15 on 08/02/2011 by Robert
Administrator - Elevation successful

========== filefind ==========

Searching for "csrss*"
C:\Windows\System32\csrss.exe --a---- 7680 bytes [02:49 21/01/2008] [02:49 21/01/2008] B4ABE68596B173FF2AB2076BC7C35EB4
C:\Windows\System32\en-US\csrss.exe.mui --a---- 2048 bytes [15:13 02/11/2006] [15:13 02/11/2006] 491B292FBFF6CAF0C9C97E427FE93F8C
C:\Windows\SysWOW64\en-US\csrss.exe.mui --a---- 2560 bytes [15:13 02/11/2006] [15:13 02/11/2006] EDDBE7C7A174FC8843CA6B1E3D9E91FF
C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3478e49e9ce2ff67\csrss.exe.mui --a---- 2048 bytes [15:13 02/11/2006] [15:13 02/11/2006] 491B292FBFF6CAF0C9C97E427FE93F8C
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe --a---- 7680 bytes [02:49 21/01/2008] [02:49 21/01/2008] B4ABE68596B173FF2AB2076BC7C35EB4
C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.0.6000.16386_en-us_d85a491ae4858e31\csrss.exe.mui --a---- 2560 bytes [15:13 02/11/2006] [15:13 02/11/2006] EDDBE7C7A174FC8843CA6B1E3D9E91FF

-= EOF =-


ComboFix 11-02-08.02 - Robert 08/02/2011 20:04:40.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8190.6622 [GMT -5:00]
Running from: c:\users\Robert\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\Robert\9d939a2d7ffa31e7ff995270b6b80552.jpg
c:\users\Robert\Documents\cc_20110130_010249.reg
c:\users\Robert\lotrohigh.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 01:14 . 2011-02-09 01:18 -------- d-----w- c:\users\Robert\AppData\Local\temp
2011-02-09 01:14 . 2011-02-09 01:14 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-02-09 01:14 . 2011-02-09 01:14 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-02-09 01:14 . 2011-02-09 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-09 01:00 . 2011-02-09 01:00 -------- d-----w- C:\32788R22FWJFW
2011-02-07 03:32 . 2011-02-07 03:32 -------- d-----w- C:\Perfect World Entertainment
2011-02-05 02:45 . 2011-02-05 02:51 -------- d-----w- c:\users\Robert\Backup
2011-02-04 21:30 . 2011-02-04 21:30 -------- d-sh--w- c:\programdata\SecuROM
2011-02-04 21:03 . 2011-02-04 21:03 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2011-01-30 00:16 . 2011-01-30 00:16 -------- d-----w- c:\users\Robert\AppData\Roaming\f-secure
2011-01-25 09:27 . 2011-01-25 09:27 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-01-22 06:33 . 2011-01-25 20:34 -------- d-----w- c:\users\Robert\AppData\Roaming\RIFT
2011-01-22 06:33 . 2011-02-07 21:48 -------- d-----w- c:\users\Robert\AppData\Local\RIFT
2011-01-22 05:02 . 2011-01-22 05:02 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlc8130.tmp
2011-01-15 05:49 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-15 05:49 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-01-15 05:49 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-01-15 05:49 . 2011-01-15 05:49 -------- d-----w- c:\program files\iPod
2011-01-15 05:49 . 2011-01-15 05:49 -------- d-----w- c:\program files\iTunes
2011-01-15 05:49 . 2011-01-15 05:49 -------- d-----w- c:\program files (x86)\iTunes
2011-01-15 05:47 . 2011-01-15 05:47 -------- d-----w- c:\program files\Common Files\Apple
2011-01-15 05:47 . 2011-01-15 05:47 -------- d-----w- c:\program files\Bonjour
2011-01-15 05:47 . 2011-01-15 05:47 -------- d-----w- c:\program files (x86)\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 23:13 . 2009-09-04 13:04 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-07 23:13 . 2009-08-14 13:43 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-07 23:12 . 2009-08-14 13:43 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-02-06 16:31 . 2009-08-14 13:43 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-01-28 12:09 . 2009-08-14 13:43 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-01-05 01:48 . 2011-01-05 01:48 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2010-12-18 15:11 . 2010-08-28 14:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-13 12:18 . 2010-12-13 12:18 605960 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"NuonSoft Wallpaper Cycler"="c:\program files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe" [2009-06-30 3708472]
"Google Update"="c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-28 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Robert\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]
R3 SysInfo;SysInfo;c:\windows\system32\drivers\SysInfo.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 203264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2007-06-29 39424]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153312104-1599786319-2169677723-1000Core.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 13:34]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153312104-1599786319-2169677723-1000UA.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 13:34]

2010-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 855608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\2mzl70ia.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Battlefield Play4Free: [email protected] - %profile%\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-UnityWebPlayer - c:\users\Robert\AppData\Local\Unity\WebPlayer\Uninstall.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3153312104-1599786319-2169677723-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:9c,36,75,13,29,f7,d4,f4,df,88,63,16,cd,fb,6d,e3,68,15,0b,c4,07,23,9e,
17,98,c9,0f,0b,32,e6,e6,e5,2d,16,14,86,8a,ac,d8,eb,0c,d7,93,49,c7,ce,e8,02,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

[HKEY_USERS\S-1-5-21-3153312104-1599786319-2169677723-1000\Software\SecuROM\License information*]
"datasecu"=hex:77,b2,dc,33,a2,b0,39,79,07,5a,f6,c7,08,68,ec,c1,b5,d4,df,0d,a4,
ae,09,55,1b,5b,ca,25,37,64,90,48,73,a3,af,9c,83,d2,d8,3c,94,76,16,b7,9f,01,\
"rkeysecu"=hex:5c,37,96,96,6c,d6,84,a8,e2,ae,8e,18,2c,44,b0,3d

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-02-08 20:25:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-09 01:25

Pre-Run: 212,279,590,912 bytes free
Post-Run: 212,103,593,984 bytes free

- - End Of File - - DDC1C04AE1ECBC81C3636A9DC37B5F0D
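
The SystemLook filefind results posted above can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of SystemLook: it parses the result lines and flags any csrss.exe outside System32 or the winsxs component store, and a System32 copy whose MD5 differs from the store copy. The expected-location rules and the final sample line (marked as constructed) are assumptions of this example.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# One SystemLook ":filefind" result line:
#   <path> <attributes> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-\w]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumed expected locations (a heuristic of this example, not a SystemLook rule).
WINDOWS = "c:\\windows\\"
SYSTEM32 = "c:\\windows\\system32"
WINSXS = "c:\\windows\\winsxs\\"

# Result lines copied from the log in the thread.
PAGE_LINES = r"""
Searching for "csrss*"
C:\Windows\System32\csrss.exe --a---- 7680 bytes [02:49 21/01/2008] [02:49 21/01/2008] B4ABE68596B173FF2AB2076BC7C35EB4
C:\Windows\System32\en-US\csrss.exe.mui --a---- 2048 bytes [15:13 02/11/2006] [15:13 02/11/2006] 491B292FBFF6CAF0C9C97E427FE93F8C
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe --a---- 7680 bytes [02:49 21/01/2008] [02:49 21/01/2008] B4ABE68596B173FF2AB2076BC7C35EB4
"""

# Constructed line (not from the thread): the same name in a user-writable folder.
CONSTRUCTED_LINE = (
    r"C:\Users\Example\AppData\Roaming\csrss.exe --a---- 51200 bytes "
    r"[10:00 01/02/2011] [10:00 01/02/2011] 00000000000000000000000000000000"
)


def parse_filefind(log_text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def review(entries):
    """Return (path, reason) pairs for entries that deserve a closer look."""
    # Hashes of csrss.exe copies held in the component store.
    store_hashes = {
        e["md5"] for e in entries
        if normcase(e["path"]).startswith(WINSXS)
        and basename(normcase(e["path"])) == "csrss.exe"
    }
    findings = []
    for e in entries:
        path = normcase(e["path"])  # lower-cased, backslash-normalised
        name = basename(path)
        if name == "csrss.exe":
            if dirname(path) == SYSTEM32:
                # The live copy should match a component-store copy when one is listed.
                if store_hashes and e["md5"] not in store_hashes:
                    findings.append((e["path"], "System32 copy differs from component store"))
            elif not path.startswith(WINSXS):
                findings.append((e["path"], "csrss.exe outside System32 and winsxs"))
        elif name == "csrss.exe.mui":
            if not path.startswith(WINDOWS):
                findings.append((e["path"], "resource file outside the Windows directory"))
        else:
            findings.append((e["path"], "unexpected file name matching csrss*"))
    return findings


if __name__ == "__main__":
    for path, reason in review(parse_filefind(PAGE_LINES + CONSTRUCTED_LINE)):
        print(f"REVIEW  {path}  ({reason})")
```

An empty result only means the names and locations are the expected ones; it does not verify the file contents.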

#8 pwgib

Posted 09 February 2011 - 10:21 AM

Hi MK9000,

  • Click on this link--> virustotal
  • Click the browse button. Copy and paste the following lines in the open box, then click Send File after pasting one line. You will only be able to have one file scanned at a time.

C:\Windows\System32\en-US\csrss.exe.mui


If the file has been analyzed before, click the Reanalyse File Now button.

Please copy and paste the results of the scan in your next post.



Be sure and update your Windows Defender if you plan on keeping it. You can also install your choice of an antivirus program. :thumbup2:


Step 1.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


Step 2.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note: If ESET finds nothing there will be no log produced



In your next reply please include the following:


VirusTotal results
MBAM log
ESET log



How is your computer running?


Thanks!!

Edited by pwgib, 09 February 2011 - 10:23 AM.

PW

#9 MK9000

Posted 09 February 2011 - 05:21 PM

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: csrss.exe.mui
Submission date: 2011-02-09 18:50:16 (UTC)
Current status: finished
Result: 0/ 42 (0.0%)
VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.02.06.00 2011.02.06 -
AntiVir 7.11.3.32 2011.02.09 -
Antiy-AVL 2.0.3.7 2011.01.28 -
Avast 4.8.1351.0 2011.02.09 -
Avast5 5.0.677.0 2011.02.09 -
AVG 10.0.0.1190 2011.02.09 -
BitDefender 7.2 2011.02.09 -
CAT-QuickHeal 11.00 2011.02.09 -
ClamAV 0.96.4.0 2011.02.09 -
Commtouch 5.2.11.5 2011.02.09 -
Comodo 7630 2011.02.09 -
DrWeb 5.0.2.03300 2011.02.09 -
Emsisoft 5.1.0.2 2011.02.09 -
eSafe 7.0.17.0 2011.02.09 -
eTrust-Vet 36.1.8149 2011.02.09 -
F-Prot 4.6.2.117 2011.02.04 -
F-Secure 9.0.16160.0 2011.02.09 -
Fortinet 4.2.254.0 2011.02.09 -
GData 21 2011.02.09 -
Ikarus T3.1.1.97.0 2011.02.09 -
Jiangmin 13.0.900 2011.02.09 -
K7AntiVirus 9.81.3796 2011.02.09 -
Kaspersky 7.0.0.125 2011.02.09 -
McAfee 5.400.0.1158 2011.02.09 -
McAfee-GW-Edition 2010.1C 2011.02.08 -
Microsoft 1.6502 2011.02.09 -
NOD32 5860 2011.02.09 -
Norman 6.07.03 2011.02.09 -
nProtect 2011-01-27.01 2011.02.02 -
PCTools 7.0.3.5 2011.02.09 -
Prevx 3.0 2011.02.09 -
Rising 23.44.02.05 2011.02.09 -
Sophos 4.61.0 2011.02.09 -
SUPERAntiSpyware 4.40.0.1006 2011.02.09 -
Symantec 20101.3.0.103 2011.02.09 -
TheHacker 6.7.0.1.126 2011.02.08 -
TrendMicro 9.200.0.1012 2011.02.09 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.09 -
VBA32 3.12.14.3 2011.02.09 -
VIPRE 8362 2011.02.09 -
ViRobot 2011.2.9.4301 2011.02.09 -
VirusBuster 13.6.191.0 2011.02.09 -


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5721

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

09/02/2011 1:57:45 PM
mbam-log-2011-02-09 (13-57-45).txt

Scan type: Quick scan
Objects scanned: 184846
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET found no threats and took three hours to scan entire hdd.

#10 pwgib

Posted 09 February 2011 - 06:15 PM

Hi MK9000,


Your Adobe Reader is out of date. Please go here to update. You might want to uncheck the McAfee scan option.

You can also update through the program.

  • Open Adobe Reader
  • Click the Help tab
  • Click Check for Updates
You may need to manually delete older copies of Adobe Reader via Add/Remove Programs.


You now appear to be all clean. :thumbsup:

We need to do a little house cleaning.

The following two procedures need to be done in the order listed. If you can not do so please let me know.


Step 1.

Uninstall ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note the space between the X and the /U.

Please advise if this step is missed for any reason as it performs some important functions.


Step 2.


Please open OTL
  • Double click on the Posted Image icon on your desktop.
  • Click the "Cleanup" checkbox.
  • You will be asked, "Begin Cleanup Process"
  • Select Yes
  • You will be prompted to restart your computer.
You can now uninstall any other programs we may have used and delete any logs that may have been generated.

Step 3.

Here are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of them, however, by following the rest of them you will reduce the risk of becoming re-infected.

It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems. You can find Microsoft updates here

I recommend that you visit the link above and either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

New viruses come out every minute, so it is essential that you keep your antivirus program updated and have the latest signatures to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Make sure you use a firewall. A tutorial on understanding and using firewalls may be found here. For most users the built in Windows Firewall is sufficient. Only use one firewall at a time though.

Install Spyware Blaster and update it regularly
If you wish, the commercial version provides automatic updating.

Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
SuperAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions. I personally prefer and highly recommend the licensed version of MBAM.

Please read and follow How did I get infected?, With steps so it does not happen again! as well as How to prevent Malware by Miekiemoes

If you have any questions please do not hesitate to ask.


Thanks!!
PW

#11 pwgib

Posted 12 February 2011 - 08:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
PW

#12 pwgib

Posted 12 February 2011 - 06:06 PM

Reopened at user's request.

Hi MK9000,

Hmm..we didn't change the settings to any autoplay/autorun feature.

You can follow the instructions here to reset the autoplay feature in Vista. :thumbup2:



Thanks!!
PW

#13 MK9000

Posted 12 February 2011 - 07:16 PM

I discovered it's probably security software that disabled it due to many "rumors" that malware creators use it to spread their virus.

#14 pwgib

Posted 20 February 2011 - 11:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
PW



