
i accidentally installed some adware


  • This topic is locked
25 replies to this topic

#1 gothicpianist


Posted 31 August 2013 - 11:15 PM

I was on a website to download a program called "paint.net" but I clicked on an ad by accident when I thought it was the program. It turned out to be adware, and first there was something called webconnect and lyric seeker. I tried to delete these extra downloads and thought of it as nothing. Then when I opened up Firefox, the webpage was something like delta, some sort of odd search engine, not my homepage. It took an hour to change it back since I couldn't figure out how to change it back because one of the ways was blocked somehow. I also noticed there were some strange plugins that I think were related to the webconnect and lyric seeker, so I removed them. Then the next day one of my family members complained about the delay of the computer and how the Google webpage on Internet Explorer had ads. The search results were also very odd. I ran a Kaspersky full scan. It detected a couple of threats, which consisted of the lyric seeker and the webconnect, and I deleted those files and clicked "fix", which got rid of those threats. My brother then decided to run a Malwarebytes Anti-Malware full scan. There were 48 threats. I don't understand why Kaspersky only picked up 5 while Malwarebytes picked up so many more. When the scan was done, my brother got the program to fix the threats. He rebooted the computer and ran another scan. The scan at this moment is about 28 minutes in right now (it takes maybe 5 hours) but it has already picked up 1 threat. For some reason, when the computer was rebooted the threat returned.

 

What can I do about this? I want to remove ALL possible threats and I don't want my computer to end up wrecked.





#2 satchfan

  • Malware Response Team

Posted 01 September 2013 - 05:01 AM

Hello gothicpianist and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
 

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

 

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

 

===================================================

 

Download and run OTL

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT

     

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • you may need two posts to fit them both in.

Logs to include with next post:

 

AdwCleaner log
JRT.txt

OTL.txt
Extras.txt


Thanks

Satchfan


Edited by satchfan, 01 September 2013 - 05:14 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 gothicpianist


Posted 01 September 2013 - 09:18 AM

I did everything you said to do, and the only thing is that I thought I would tell you that in the AdwCleaner scan, it detected babylon, which is supposedly a really bad virus. I thought that may be important information. It seemed to have gotten rid of it.

I tried to attach the AdwCleaner file but it was too large, so I thought I would paste it in like I was going to do for the other three files. I clicked on the file to open it again but it said

"The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher."

Should I run the scan again and post that result, or is there a way of getting to it again? I have Windows 7, by the way.

I will also post the other three files in separate posts following this.



#4 gothicpianist


Posted 01 September 2013 - 09:19 AM

This is the JRT.txt file:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Christina on Sun 09/01/2013 at  9:21:56.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7F8EE0CF-8812-4B91-8C96-3E8C2ABCE9C9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7F8EE0CF-8812-4B91-8C96-3E8C2ABCE9C9}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Lyrics Seeker Update.job



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Christina\appdata\local\{4A9A31A1-5F15-4D38-81FE-760CA8F81045}
Successfully deleted: [Empty Folder] C:\Users\Christina\appdata\local\{7CA8A27F-20E4-4DEB-97AA-C4B13102F561}
Successfully deleted: [Empty Folder] C:\Users\Christina\appdata\local\{7FE441C4-C868-4352-9424-33DA66508B60}
Successfully deleted: [Empty Folder] C:\Users\Christina\appdata\local\{93A9B03D-663E-44C7-94B7-2C40C4473F6F}
Successfully deleted: [Empty Folder] C:\Users\Christina\appdata\local\{982EF499-453A-4615-A90B-E0915A265D0B}
Successfully deleted: [Empty Folder] C:\Users\Christina\appdata\local\{A78949AD-C2E8-4702-B009-3801D9887FDA}
Successfully deleted: [Empty Folder] C:\Users\Christina\appdata\local\{D28A026F-636B-4CF5-9D0C-9DABF498B6CD}
Successfully deleted: [Empty Folder] C:\Users\Christina\appdata\local\{DB162DE6-10C0-4F04-AE2E-FFAF205D8FB2}
Successfully deleted: [Empty Folder] C:\Users\Christina\appdata\local\{F431A306-4045-4B70-BADC-75DC65670667}



~~~ FireFox

Emptied folder: C:\Users\Christina\AppData\Roaming\mozilla\firefox\profiles\qbcw05sz.default\minidumps [40 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Christina\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/01/2013 at  9:27:35.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#5 gothicpianist


Posted 01 September 2013 - 09:23 AM

This is the extra.txt file:

 

OTL Extras logfile created on: 9/1/2013 9:36:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.97% Memory free
7.93 Gb Paging File | 6.07 Gb Available in Paging File | 76.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.35 Gb Total Space | 250.98 Gb Free Space | 27.27% Space Free | Partition Type: NTFS
Drive D: | 11.07 Gb Total Space | 1.22 Gb Free Space | 11.07% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTINA-HP | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-596548954-2750827391-4164645071-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09610BEE-6DB5-48BE-A28C-1D7F7C41367F}" = lport=445 | protocol=6 | dir=in | app=system |
"{12F37B21-A29A-4CD0-AE7A-00B66128A4F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{275B5809-80AB-457E-BA24-BC417032ACB3}" = rport=445 | protocol=6 | dir=out | app=system |
"{279B2E65-5AE0-4446-A055-9E7D4F967486}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A43F52F-4026-4DA0-A56D-235A824DC9A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{2EE88238-E822-4973-8DBE-3D198E8B3EF0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C115F44-3742-44D3-9FAA-024C3CF86744}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40D504C7-B8B0-4F72-8359-965A3BBD7B86}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{42AE9A14-C59E-4680-9300-275D1F56A04B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{65DC6BE4-898B-4BBC-87C4-4EF5662E650D}" = rport=138 | protocol=17 | dir=out | app=system |
"{757723D4-0A93-4C47-BBBE-D1D824B54198}" = lport=139 | protocol=6 | dir=in | app=system |
"{9AF23854-0744-4CB7-8439-EF6A874E1C00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B234C31-DD9D-46EC-A38A-B1FA3F3E8929}" = rport=137 | protocol=17 | dir=out | app=system |
"{A65A6F90-24C4-4AE6-946E-F4C85C9E3EFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB9E7087-44A3-4F7F-993E-6140CDED882B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0E5C7CA-6E9F-4242-852F-47926106FA25}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C67360E8-B344-4419-9B1A-C225A2B36211}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CB67057A-4C33-46F2-AC2F-640B5A2B3481}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D002C1E8-2A02-4BC8-B76B-B57E60437D2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4FA2ACE-50FF-48E7-9A22-9973C13CC645}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D7699C64-62F5-4B26-8FB6-D70914C525DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB93AACC-F946-4CE4-816C-66B34C329164}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8686E49-45B9-47C9-9EBA-CE92B224E84A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EAD4072B-FAC6-4B33-91EA-02136B8F1DDC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F350C373-B30C-4EBA-86F7-973064FDD5FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{FB0627FB-9F8B-44E8-BF0F-4DBC9425D087}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005584AD-9345-4FD1-8B4E-CA2404B86E7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmystsetup.exe |
"{00F808AC-FCD0-45ED-8F93-662CD3051FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{022816E9-F01D-4C10-8843-73A3D8187E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{053C86F6-6172-491E-BB5C-4C2BE0992C17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe |
"{05B3D4EE-F63F-438C-9720-BC673A9F981E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\123kickit\123kickit.exe |
"{067005E4-2788-49B8-9EF7-9B6DB2E87D43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{07EC1C12-3474-44DD-AEB2-29FE3A0405D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{0809F768-8C34-4C0D-947B-145B3B9BD69C}" = dir=in | app=c:\users\christina\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{085DF32B-4842-4079-903F-73ABF6C4937D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{095B3634-0BEB-46A2-ACAC-0E4E41F46F10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe |
"{0AA0522D-7499-4882-9062-F44BE4A7193E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\counter-strike\hl.exe |
"{0B37BE82-DFC1-4588-8776-17D14A763230}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (iv) the last revelation\tomb4.exe |
"{0B41D83D-2F3A-4EC8-9857-3A59D125632E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\time gentlemen, please!\winsetup.exe |
"{0CD8CC51-24CD-4B0A-BD64-85B85A48BA79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\ricochet\hl.exe |
"{0E5DC1BA-5F74-4B33-83B3-AAEE2A8A55D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\day of defeat\hl.exe |
"{1106D48A-6C11-4C09-9082-38AB4470F77C}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{111E2F4A-EF6F-4DD3-98A4-264578A15C5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{113B465D-C6AC-4A6D-98B3-014E1A7862EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{1174C1E2-63EE-4B1D-A2B7-F17356FA7B61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base2\dosbox.exe |
"{12D96F92-FFA4-4B9A-A9D0-5263C4E1A219}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ares\ares.exe |
"{13D961FD-CDB8-489A-B762-D0CBD6E52908}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{140D5892-CBB1-40D1-A234-CEA760159DDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ben there, dan that!\winsetup.exe |
"{1519B8B3-9BFE-405D-91D7-5691AE3FF859}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1537C4E3-3A07-41B7-A519-6F0A038EB503}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{15910AD4-4671-4CC6-BB0A-380C6BF43631}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms\runworms.bat |
"{197D1D7D-4172-4EBA-98FE-DD30CD4B8721}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacechem\spacechem.exe |
"{1B223F81-8F22-4FC0-B660-102E4DAE0962}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1B92B20E-9268-4271-889D-87BB3AD00BB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{1C6BAF99-1715-4FBC-98CE-404725BC7280}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1E758EC2-B804-41EA-966B-67E90ACB69BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal gold\system\unreal.exe |
"{20739CC5-6BBB-4AD2-9F24-DCD3DAE22F47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{20B755FE-B6D6-4661-813C-05BEEC252B33}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{21D9A364-65D7-472E-BA92-A9DAD98D1060}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2216F8A8-272D-4DA7-9D7A-F5435E39CB50}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\deathmatch classic\hl.exe |
"{22E92EDD-9D80-4335-A556-2EB6BE10B317}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 2\doom2.bat |
"{23AE4F64-89C8-453D-863A-657765A9592C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{23CAE337-041C-4BB7-85F7-4E86627F93ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{26415A59-14FD-45BE-BACB-8F4903FDA018}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{2645E328-3810-46EB-A983-485F486AA126}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{269A76AC-79E7-4F77-B130-AAC3044F5707}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen\base\dosbox.exe |
"{28525ACB-5FAA-4AD9-93CD-D8284913F6BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\qwcl.exe |
"{2876B6A9-557F-4C67-A9C4-29523B200BB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{2A4755B7-9727-4157-BFBE-4BC3626B6A06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{2AAEF02A-1637-4A53-9806-D58C4BCF9183}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\they bleed pixels\they bleed pixels pc.exe |
"{2B2AD37A-24F4-4DD9-8A06-A5086C9A517D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesome\awesome.exe |
"{2B79A9AC-A0BE-4EA3-A13C-C95F6C40A2C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CAE1F74-CF73-4A89-AE83-2983EA9BDF93}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe |
"{2E3E9BD0-825D-4E1E-92A2-293C93E6E8B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{2E4F48F3-EE18-4115-9DD7-F6752C088CFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_gold\thief.exe |
"{2EAFF03F-D277-4B99-B779-12AA7E5DDA6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe |
"{2F569F73-60E6-4484-AFFB-624D72CE37BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (iv) the last revelation\tomb4.exe |
"{3083A353-E62B-4A10-A6B0-1FD40398EEE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3\doom3.exe |
"{30D9FEC2-2D41-49C5-9DFC-5C32A0458879}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base4\dosbox.exe |
"{31B8A03B-AF48-47BE-BE93-62D1A5C7BFF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{31CB5607-2C6D-47B4-AB3D-A268C2391953}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst v\eoa.exe |
"{3514646B-6C61-46A8-BDBB-24656B86921E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\time gentlemen, please!\tgp.exe |
"{3636E782-DF6E-422F-8C73-0B564D9D6B32}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{36A0A4FA-8755-4973-92DF-DC497BA1B123}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\they bleed pixels\they bleed pixels pc.exe |
"{37989F7E-21CA-49FE-B12C-A32E43FB9A4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{3AFED1A1-DFC6-40FB-BC11-F01DC39CABB3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3B58C595-E256-4A8D-89C5-E2EE771A9A9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe |
"{3BD859F9-764D-427B-8155-5C380F15F105}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctumbeta\binaries\win32\sanctumgame-win32-shipping.exe |
"{3C6FAA6D-C14E-4CBF-96C3-5795DF79AF2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\master levels of doom\dosbox.exe |
"{3D0ACC54-BB29-4332-B3F6-020FB653352D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{3ED97043-36FC-4DE4-85CE-1D0A057C8C5A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4093EBA1-9F3C-48D7-AB22-AFABD555DC90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{415BC5DF-44A0-405B-ABDD-668FC4548DD7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{44449656-6192-4FB3-9F59-05343EE15816}" = protocol=6 | dir=in | app=c:\program files (x86)\steelstorm\steelstorm.exe |
"{4488EA3C-966A-40A0-865A-156C6EACA77F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glqwcl.exe |
"{44951241-FA39-44E8-B504-42F3BB0021FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jamestown\jamestown.exe |
"{45CEC802-CD7F-45C5-B1E9-D93F19CCBDC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{46F3889F-3DCB-4346-8766-8FBB488E78D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien shooter\alienshooter.exe |
"{48008342-A1B7-4853-9781-84F8C965260C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4960D3A5-7E68-4D3D-9F3D-EC6C6C7A1CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst masterpiece\myst.exe |
"{49C34E8F-A35A-4797-A21E-680B72AFEFEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\heretic shadow of the serpent riders\base\dosbox.exe |
"{4A987442-758A-4A50-BC0A-0667C0FA7F80}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst v\eoa.exe |
"{4D63E7DA-A5B4-4FA4-BE18-E848468A0431}" = protocol=6 | dir=out | app=system |
"{4EEC3E78-31C0-4E8B-AECB-2C1A42C57D17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base2\dosbox.exe |
"{52395DCA-57A9-4084-96BE-6DCE32AB5B10}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5338759E-F14F-4C4D-81F3-015F42740D43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien shooter\alienshooter.exe |
"{535A7716-A2ED-482B-AEE0-3A7721B817FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (vi) the angel of darkness\launcher.exe |
"{53949709-5367-4915-B88A-62C0F5B5FE61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glqwcl.exe |
"{541C432F-0DF3-4F05-A049-B9B33A147251}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe |
"{55264969-EE1E-4BCD-9162-230CCB398A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe |
"{572B718C-9DC3-41DF-BC65-697A0496B77C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{589655D0-C233-4627-B4DA-7C6DC5882F14}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\master levels of doom\dosbox.exe |
"{5AECB85D-CC72-4AFF-8E9C-5E913276147E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{5B298D00-27EA-4EF7-B7D1-27EB6DAD3856}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\base\dosbox.exe |
"{5B4A8D44-DFE8-4012-AE2C-AA16FD88D5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 3 arena\quake3.exe |
"{5FAB22B4-A0B3-4097-AD29-938D354BDC96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jamestown\jamestown.exe |
"{5FB124BF-D9BE-431F-BEDF-02E43BEA2582}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\winquake.exe |
"{5FB6B1BA-5813-476C-AF71-F52A80793D60}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{640E72FF-671D-4ED2-A200-0D90C1C9C9D6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{64E0EAFB-1CB5-4068-93E9-D078ABEDEF94}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{698BD7AB-8EE8-46B7-AFE0-AB6679927C68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\qwcl.exe |
"{69CD751B-F723-41B5-BF35-1DEADDCBA59C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe |
"{6B48F1D3-942E-4F13-B202-B7F7B8954648}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base5\dosbox.exe |
"{6B798AE0-871B-44CD-8DB3-C240EDAC8FB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{6DF090E7-F1AB-4DF2-AB1B-7C4198989DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steelstorm\steelstorm.exe |
"{6E04C889-AA7B-42F3-873E-B3855805698F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\base\dosbox.exe |
"{6FAFED26-2B3B-42C9-A30A-4369B3ECFC33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maplestory\nxsteam.exe |
"{6FBA96DB-20EE-4D63-BAA4-69C81E194967}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\time gentlemen, please!\tgp.exe |
"{6FD228E2-6326-4FF9-989B-393FCE649B70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71DB3718-729F-4E41-929A-FBA6D0F68FF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\team fortress classic\hl.exe |
"{72306BE9-CE1B-416B-B65C-037C6ADCE381}" = protocol=6 | dir=in | app=c:\users\malzzzy\appdata\roaming\dropbox\bin\dropbox.exe |
"{725FF491-ADEA-4C09-B760-4B44C80BB8AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{726DFB55-9EA9-4DB5-90A1-AC57CDAA2AC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72CB8273-0291-4A91-802D-4C107D7563FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wizorb\wizorb.exe |
"{748A1718-D2C5-4978-81FC-8969153344F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\myst masterpiece\myst.exe |
"{7752736C-0FFB-407D-A8FF-364101F8FDD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\counter-strike\hl.exe |
"{77914AEB-9A07-4521-8A2A-AAAB7E92D0E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (v) chronicles\pctomb5.exe |
"{79603E9E-E25D-4655-AD7B-0C6847D2E14F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79795A36-CA37-4E75-908F-D9D0CA215248}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmyst.exe |
"{8025EF7F-7520-4EA7-9698-F71F5A07E9C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glquake.exe |
"{805C57E5-31F2-493E-80D5-1253644232DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\half-life source\hl2.exe |
"{82CC0D0A-ECFB-490B-9ABC-3BD3B199C323}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spear of destiny\base\dosbox.exe |
"{8336D33A-A3EE-4845-A82F-4DF2F6220DF9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{83B2529C-8761-4CA5-A3BE-FBAF568EF07F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{8480441C-AF26-4B35-9CA7-8154F2AD52F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen deathkings of the dark citadel\base\dosbox.exe |
"{84AFD3DE-823C-40B1-9746-071C2AD8C49F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 3 arena\quake3.exe |
"{85C1CE1A-4064-458F-BA63-F1340289D30F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{86684E8D-1EB8-4B88-B26E-613DE6F77E73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ben there, dan that!\btdt.exe |
"{86EE0621-624F-4A09-A8F8-9469833965EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base1\dosbox.exe |
"{87A86E90-C1C4-4C7D-A4E6-53CB37FF2999}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 2\doom2 + mouse.bat |
"{87DAE557-73DB-4A90-A1A7-4F97FBADB0C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{8896FD0F-EAF0-485A-BBBA-5C8088823489}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacechem\spacechem.exe |
"{89923029-757A-46BA-A203-F02BC4E00E90}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{89D21892-8B36-421C-8C6B-AA9BE7C056E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{8A9E05F2-94A9-45ED-AAAB-3EB02CE8C242}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base3\dosbox.exe |
"{8C159C1D-C563-4703-A9B0-CA8D94E3D9E0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8F25296D-E435-48B1-8EA7-4A693FADC3DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\main.exe |
"{905971C8-583C-4500-8095-DCA473106E07}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{909046EC-DEDE-4979-828F-DC47B23EA8DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\quake2.exe |
"{90DD7E7E-AB53-40B2-991D-422E647CF2CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_gold\thief.exe |
"{924ACD85-C175-47F9-A495-9EDC757125F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{92CAC344-146F-48DC-8605-BD80442493F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen 2\glh2.exe |
"{9396058A-8E88-45BF-B1A4-B8CA5F89C6B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base3\dosbox.exe |
"{95A42D63-3EFD-4895-8F3C-E2AD18749FD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wizorb\wizorb.exe |
"{9909E8C4-BFE1-498E-8E03-05B3399E0867}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\deathmatch classic\hl.exe |
"{990DE79D-233C-4102-A01E-A09B74616F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{9A38AE03-F146-4624-AE95-4A3E93C96EBD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tombraider (iii)\tomb3.exe |
"{9ABBCDB3-3DDF-433F-9130-4C14048E6280}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
"{9CCAE02E-1599-4BF0-A370-F7D9276913CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\riven\riven.exe |
"{9E955ADD-3894-423A-B027-220CAE72B762}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 2004\system\ut2004.exe |
"{9ECC2829-A41F-449A-AF7A-F0266F9578EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 2\doom2 + mouse.bat |
"{9EF32D0D-5E68-41C1-87BD-BB02BE54E5CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3\doom3.exe |
"{9F9E6BC5-58EC-47B2-B60E-F92635C51140}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\riven\riven.exe |
"{A0101B8D-CA61-4799-8E86-BE9688D47BA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A01F30E5-EFB0-434C-AC4A-4FBB90BDAF7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\heretic shadow of the serpent riders\base\dosbox.exe |
"{A04A7AA3-9F75-4C5E-B57B-C7449F6377D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms\runworms.bat |
"{A0B26780-6C15-4AC6-B4B0-8F3E43E9F9E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (i)\dosbox.exe |
"{A1FCF20A-FCA3-4DE9-B6BD-3D9436F831BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ultimate doom\base\dosbox.exe |
"{A2A2C121-DD26-493C-8C0D-831C843981A3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A366136F-26DE-41FC-B5C5-E5C9C5FE14C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base1\dosbox.exe |
"{A4477BE6-C8B1-493E-A8D9-0BB0E31BA11A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\123kickit\123kickit.exe |
"{A491E084-D60F-412E-A528-CCCBCCA070BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\half-life\hl.exe |
"{A4E2391C-D457-4DFF-9A97-11DC74687330}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A6C3D3B7-7545-456C-AC93-67750074FAC7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (vi) the angel of darkness\launcher.exe |
"{A6FE6834-F66B-40B7-A704-D0E01155330C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{A886CEAD-3EB7-497E-B854-E1B8579D2258}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{A895D323-3065-45AF-BFD0-62FA9BB3F801}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 2\doom2.bat |
"{A9BF4C07-EA40-4473-AD27-8ADAFF696416}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{AA56AD9B-86D1-4899-B09E-CC2C2C949B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen deathkings of the dark citadel\base\dosbox.exe |
"{AAE69373-2DF0-49F4-BE6C-216387A8EC25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
"{AB634DDB-91FB-4B16-B684-5575396DB5A3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{ACBF87D3-B8B1-4BB6-B95B-4FE33AB63CBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (ii)\tomb2.exe |
"{AD612524-A4AE-45EA-8433-702CC2B4B861}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe |
"{AF21BAD5-5B00-432F-9FEA-4902AE078E22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{AF2FD697-450C-496F-8459-1B499C305F94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\quake2.exe |
"{AFA2DE91-2957-42BD-8572-F0F3BC107462}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctumbeta\binaries\win32\sanctumgame-win32-shipping.exe |
"{B1C15282-6748-4BDF-97FB-82E638F72DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{B2047443-84DD-48E2-8F82-837533630185}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{B256673E-9999-424D-985B-002ED928F8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{B3697135-C716-4F0D-80C1-7EE85AA0EBBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\winquake.exe |
"{B4C8D0A1-34E9-4679-B8F5-CEBBBC514871}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the wonderful end of the world\main.exe |
"{B5CEEC34-2B44-4233-AD12-85F57B80BADD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the wonderful end of the world\main.exe |
"{B729F4CC-6FCC-4D3B-933D-71CBBCDEE7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\half-life\hl.exe |
"{B87F853C-4A88-4452-98F7-B6C487B48DFD}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B9B13BBE-6EB9-4982-AD18-6578C6DDEE02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\team fortress classic\hl.exe |
"{BA3C055F-0787-4847-ACA1-446E3D1CBBCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe |
"{BAD2F514-1812-439C-B2D8-1DB0EDD184B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe |
"{BCFA0C23-1B14-4F5A-AD9B-2D13BFF4222F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{BD0E5EF9-8244-4176-819F-EEEA7EB40811}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{BD7AEF50-682B-451C-AD84-A8E15B32EEE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steelstorm\steelstorm-dedicated.exe |
"{BEE9E26B-A64E-46A3-B91A-99E4828FB288}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
"{BF22C454-5596-402F-BCB2-55289EDD58F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesome\awesome.exe |
"{C01A6C07-1DBF-49CC-BFCC-904B3020B133}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{C17A9D06-7FCA-47B6-B91C-5454B8215049}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
"{C1B443FC-D38F-4718-99D5-65A19587A468}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C2E4067A-3EEB-4FBB-AA41-E48060617834}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C313B009-64E8-4730-A2B8-4675E3FAC927}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base5\dosbox.exe |
"{C36E1A05-5FC4-46FE-B44D-C1855AB6BF48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (i)\dosbox.exe |
"{C4DDF047-04A8-4552-B9CE-8A67B97FC287}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ultimate doom\base\dosbox.exe |
"{C6C94955-C463-4BEC-8B36-2BB40B705DB3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C768CE37-3C86-4C92-9B20-6CADAE3795C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C7D7A24C-B926-47C9-8838-7444353AEC5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{C8CF5349-5D03-4958-AD81-6FB675A14AF3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9511822-5916-43DB-A992-2E7AF02D37C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\ricochet\hl.exe |
"{C96ABAEF-2D31-40D7-860C-777AB5B6F37C}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{CABD8DF8-F3AB-4F5A-932B-05E1E4DC6F24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBA2E2B8-1478-4164-A990-557C46428C46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (ii)\tomb2.exe |
"{CFD1CEBE-F593-42A5-B265-DA44A7E8D591}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spear of destiny\base\dosbox.exe |
"{D01DD0D1-3E98-49D7-93E9-066C55F09269}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{D04CFBDA-CA24-40B1-A355-42816324B261}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D050FC7C-9B11-488A-BE39-E726B3BD817C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe |
"{D0ACCFCE-6472-4E6D-B9F0-C35FBA102DFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmyst.exe |
"{D21A80CB-10E6-430A-B8A0-8672CD086A76}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D3B2458E-62E8-4DFB-81A7-8B56CCB01B25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D4AB4E1B-FA73-4A09-BEDD-7266FFEA896F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{D4F4D5D3-B147-45B2-9F47-180557DE55A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ares\ares.exe |
"{D549ACC4-5F18-47E0-85D1-17452524A055}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe |
"{D659C313-A5FC-49AA-9B6A-A88E3A18B813}" = dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{D9A5CDFD-53C7-4E0F-BECA-38CF48D86D16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen 2\glh2.exe |
"{DA0061D9-CC57-4323-9868-718C17565F35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ben there, dan that!\btdt.exe |
"{DAF00B13-0B17-4C64-8AC2-D28C24CCB529}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\day of defeat\hl.exe |
"{DD5A417B-9071-40DC-9F75-F88398FCCF87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
"{DFD5D303-52B0-4748-806C-0D7BA697D0CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E00C2AFF-6B4D-450C-8811-C333CC7F20B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glquake.exe |
"{E00F0B39-8462-475E-8AFD-DDA491D21E07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{E017FB4D-67ED-4B41-A8CB-B16428434C10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\real myst\realmystsetup.exe |
"{E0C70FC0-78FD-4378-9E95-F1F3B3FD968B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{E25D2FB6-0125-4F45-9DA6-0652F6F9A7DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\base4\dosbox.exe |
"{E2835A4A-DC55-48AE-BC73-C98AD2C41B2B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3CE58B4-8A0A-4456-A42A-A1CB228F6F99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 2004\system\ut2004.exe |
"{E3E15CC0-DE0F-47DA-BF72-446C06DAD10F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ben there, dan that!\winsetup.exe |
"{E5F1C126-B992-4D25-8FCE-C25083152727}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
"{E6E216C9-A20F-43DE-B024-AD481AAACD25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E7EAAA18-0DCF-454E-924D-C35EE4E6D27B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E7EFA320-0B83-4C29-8DD9-BB5579B7FB89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{E8C34E77-B4B7-4986-9522-F743D0F66313}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{E8D9D808-C79C-48A2-88A9-6A7302CC0361}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E8F237A2-4E90-4E9D-8928-103F29799DBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider (v) chronicles\pctomb5.exe |
"{E922390A-C96E-414F-B876-77D2CC51245D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E953F3D0-77AF-4F3B-8E24-F80A7721DDF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\half-life source\hl2.exe |
"{EC86AA68-01F8-4D9A-BC42-EDC184DE3CDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{ED3ABBCF-F4A6-4257-BBD6-7331C0A53AC0}" = protocol=17 | dir=in | app=c:\users\malzzzy\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED66D6BC-FA44-4859-B293-2BD211125E0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament\system\unrealtournament.exe |
"{EE100C64-F9E3-4228-84AF-807278394729}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tombraider (iii)\tomb3.exe |
"{EE12DB98-3A01-4CA5-95EC-A113D98C945F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\main.exe |
"{EF8967B6-B751-4802-B084-8EBDA0E3D300}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{F0B39753-E33F-4046-9B2E-32001B57728B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe |
"{F0D5920C-63F2-4535-AC08-A791C29F5DCD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{F195E7F5-447A-44F0-B9E2-18EBE6B01D04}" = protocol=17 | dir=in | app=c:\program files (x86)\steelstorm\steelstorm-dedicated.exe |
"{F1E393F0-6ACE-4AF4-BD7E-505751A4FA7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\time gentlemen, please!\winsetup.exe |
"{F374A287-169C-42C5-9B63-8B2A6E26C1ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe |
"{F5789B7A-BE49-4118-9B4A-DCB1ABF27229}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7F0065C-6763-4F78-8CFB-9D7AA7483184}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{F823BC9B-231D-4B06-9C8B-10ADD0D66929}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F8E08685-2CE4-453A-BF82-7476BBB60C12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal gold\system\unreal.exe |
"{F9014141-7ADC-43CB-9CB5-A7B074D6381A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen\base\dosbox.exe |
"{F9E9AA1A-B316-443C-8821-30D6A28A5D3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maplestory\nxsteam.exe |
"{FC2CC6A4-ECF7-478C-BF01-17BF04909DEC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FCA56387-0AB9-4BF2-8070-91F83086A978}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF68A0FD-FFB0-43EC-9E3D-792E10C7030C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"TCP Query User{09B5914D-CCF7-46A9-93B2-4FD0ABA71ACB}G:\brutal doom\doom connector\doom connector\connector.exe" = protocol=6 | dir=in | app=g:\brutal doom\doom connector\doom connector\connector.exe |
"TCP Query User{09CF1BC5-20D5-4F37-BC69-EF9E99A09364}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{0FFD1859-8BDE-4BD4-971B-0559BBA4ECD0}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{10491F45-8B8A-405A-8CB7-49D80BD65193}C:\program files (x86)\steam\steamapps\malzzzy\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\source sdk base\hl2.exe |
"TCP Query User{19F9F06A-0744-4C03-B4B8-7C56AF7DFE9F}C:\program files (x86)\stepmania 5\program\stepmania-sse2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stepmania 5\program\stepmania-sse2.exe |
"TCP Query User{2185B623-B342-4917-B44F-06E2DD1918E5}G:\brutal doom\zdoom.exe" = protocol=6 | dir=in | app=g:\brutal doom\zdoom.exe |
"TCP Query User{3E5EBAD4-18B7-42D2-83F7-E43CA1358E7C}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{3F000CB0-09DD-477D-9DBE-4E3634FF8F06}C:\users\malzzzy\documents\zandronum2\zandronum.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\zandronum2\zandronum.exe |
"TCP Query User{500C1E53-81A0-4A3E-B2E5-9BB5CC1DF73F}C:\program files (x86)\steam\steamapps\malzzzy\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\half-life deathmatch source\hl2.exe |
"TCP Query User{5AC8956B-BFEA-4D91-8DBE-A4CF0ED4F5DE}C:\users\malzzzy\documents\terraria stuffs\terraria fresh server\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\terraria stuffs\terraria fresh server\terrariaserver.exe |
"TCP Query User{5FF96840-D741-4F12-97C8-D347A36C1357}C:\program files (x86)\mumble\murmur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mumble\murmur.exe |
"TCP Query User{63C31A34-D3EC-48CC-82F1-F6A89287EB61}C:\users\malzzzy\documents\skulltag\zandronum.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\skulltag\zandronum.exe |
"TCP Query User{6B90B660-03C8-46B4-87DE-E97D6D5D3972}C:\users\malzzzy\documents\skulltag\ide.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\skulltag\ide.exe |
"TCP Query User{6CB366CA-EF28-489B-A12F-C4C14EED5A10}C:\program files (x86)\steam\steamapps\malzzzy\dystopia\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\dystopia\hl2.exe |
"TCP Query User{737CF516-EB06-49B9-9269-3D1DEAF27731}G:\skulltag\skulltag.exe" = protocol=6 | dir=in | app=g:\skulltag\skulltag.exe |
"TCP Query User{7F17A9A4-4521-4389-B712-F324A1AA86CC}C:\users\malzzzy\documents\skulltag\skulltag.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\skulltag\skulltag.exe |
"TCP Query User{84B0B775-4A61-4267-862D-310B489C3481}C:\users\malzzzy\documents\megaman 8 bit deathmatch\skulltag.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\megaman 8 bit deathmatch\skulltag.exe |
"TCP Query User{8585BC69-C469-43F7-BA89-A2CDB5977062}C:\users\malzzzy\documents\terraria stuffs\tshock 3.9.0.0526\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\terraria stuffs\tshock 3.9.0.0526\terrariaserver.exe |
"TCP Query User{90D2F45A-FEA9-4153-9A72-769FA03DE6FA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{92292F83-D41B-4BDE-8C6A-30842812959A}E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\tl-wdr3600\easysetupassistant.exe |
"TCP Query User{98BBAF78-BC00-4453-AE97-554E0B92F537}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{9CE68D56-0BA1-4356-9798-05E0A78D8C0C}C:\users\malzzzy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{9D6ED8D9-07BB-41D2-BAE9-99BB7A4E882F}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{A6AAE126-6C3D-4F42-ADD1-9A2306CF8DE8}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{B24C2527-5348-4976-8A91-1EE7CC528F58}C:\users\malzzzy\documents\itg2\program\in the groove 2.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\itg2\program\in the groove 2.exe |
"TCP Query User{C2CB444D-98F5-4FB4-9C1A-75DC94C18E34}C:\users\malzzzy\documents\zandronum\zandronum.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\zandronum\zandronum.exe |
"TCP Query User{C7267FE9-AA05-47E8-B259-BB8E1134F9C6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{DA6AE449-CFDF-4A92-AE88-2FFD40C6A879}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{DEA6D81C-C878-4B77-AC0C-5F8EDADC9418}C:\program files (x86)\nestalgia\nestalgia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nestalgia\nestalgia.exe |
"TCP Query User{E82E4A9B-A392-425F-9927-021DE81490E8}C:\users\malzzzy\documents\skulltag2\skulltag.exe" = protocol=6 | dir=in | app=c:\users\malzzzy\documents\skulltag2\skulltag.exe |
"TCP Query User{FED25A5D-8C0A-4417-8C59-63187EDC5F15}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0CBC4164-0C2B-4192-9A15-B34892CDED85}C:\users\malzzzy\documents\megaman 8 bit deathmatch\skulltag.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\megaman 8 bit deathmatch\skulltag.exe |
"UDP Query User{0EA5AA7A-05BF-44C8-BF37-C40E1A3D3F6A}C:\users\malzzzy\documents\zandronum2\zandronum.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\zandronum2\zandronum.exe |
"UDP Query User{187DF351-CD38-4BBA-99C3-2E31B2E30B4A}C:\users\malzzzy\documents\skulltag\zandronum.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\skulltag\zandronum.exe |
"UDP Query User{27330BC5-2924-48C2-A4DC-CE26C613A7CD}C:\users\malzzzy\documents\terraria stuffs\terraria fresh server\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\terraria stuffs\terraria fresh server\terrariaserver.exe |
"UDP Query User{2786964D-B286-43BC-A05B-9131C322D323}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{278BC8C4-410C-48DB-A1FA-267ED67BEAAF}C:\program files (x86)\mumble\murmur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mumble\murmur.exe |
"UDP Query User{28D2542F-BD02-4EBB-9F54-CC343F55128E}G:\brutal doom\zdoom.exe" = protocol=17 | dir=in | app=g:\brutal doom\zdoom.exe |
"UDP Query User{30C8A53D-92FC-44E7-86C1-C6EB964EC5F0}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{31AD3B2A-DDD8-4D9C-9546-176265C63FED}C:\program files (x86)\steam\steamapps\malzzzy\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\half-life deathmatch source\hl2.exe |
"UDP Query User{3D12B8C7-D48A-4E05-93C7-BDD6CFBD2A7B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3D83B000-AB6A-4B6E-A1A3-6038268DDFC8}G:\skulltag\skulltag.exe" = protocol=17 | dir=in | app=g:\skulltag\skulltag.exe |
"UDP Query User{5B2BE319-CEE0-45DE-A184-A467424663F3}C:\users\malzzzy\documents\skulltag\ide.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\skulltag\ide.exe |
"UDP Query User{5D39E7A1-47EB-44ED-A9D8-0B1F78EB532C}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{6B758D67-C2DE-4BDA-A6A3-3B9238FD2322}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{707F3E0C-0EDC-4A01-ADE4-94E51C57A314}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{73EF684F-50EF-498D-BC90-B567FDDCD989}C:\users\malzzzy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{762CB021-78B2-47B1-BB3A-AC99A88BDD5C}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{8B1FE8B7-77A8-447F-A08B-8987416288D1}C:\users\malzzzy\documents\skulltag2\skulltag.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\skulltag2\skulltag.exe |
"UDP Query User{919926C3-BEF8-4624-A50B-FB5133C9C8F3}E:\easysetupassistant\tl-wdr3600\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\tl-wdr3600\easysetupassistant.exe |
"UDP Query User{975B9AEC-C70B-47B6-9066-ED2E1B525263}C:\program files (x86)\nestalgia\nestalgia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nestalgia\nestalgia.exe |
"UDP Query User{9AEA30D4-F654-4273-897C-71C6623183F8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A111FC0E-B939-4B13-B5D0-115335FA51D0}C:\users\malzzzy\documents\skulltag\skulltag.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\skulltag\skulltag.exe |
"UDP Query User{A2CE8EB3-89CD-48C6-AD7C-A3459D082C33}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{A8A78AEF-1254-4E10-95BD-74F9F90E179C}C:\users\malzzzy\documents\terraria stuffs\tshock 3.9.0.0526\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\terraria stuffs\tshock 3.9.0.0526\terrariaserver.exe |
"UDP Query User{AE3D1CA3-EE2A-4FA6-B067-013DBAF1F573}C:\users\malzzzy\documents\itg2\program\in the groove 2.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\itg2\program\in the groove 2.exe |
"UDP Query User{B70C404B-09BE-418C-B2DA-13F9F7E04FDF}C:\program files (x86)\steam\steamapps\malzzzy\dystopia\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\dystopia\hl2.exe |
"UDP Query User{BB782076-1D68-4E2A-91E3-E394C4CD93B0}C:\program files (x86)\stepmania 5\program\stepmania-sse2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stepmania 5\program\stepmania-sse2.exe |
"UDP Query User{C86B4116-5763-4984-9C31-4320D57848E4}G:\brutal doom\doom connector\doom connector\connector.exe" = protocol=17 | dir=in | app=g:\brutal doom\doom connector\doom connector\connector.exe |
"UDP Query User{EEA71FA8-262F-4AD0-A40F-1521CB3B7FFE}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{FA583FE9-80D6-4B24-874A-234955AED457}C:\program files (x86)\steam\steamapps\malzzzy\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\malzzzy\source sdk base\hl2.exe |
"UDP Query User{FF808891-9A56-4907-83AA-053CBDEB9EA3}C:\users\malzzzy\documents\zandronum\zandronum.exe" = protocol=17 | dir=in | app=c:\users\malzzzy\documents\zandronum\zandronum.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java™ 6 Update 26 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D71C967C-8709-4334-BF16-952469E96DCD}" = TightVNC
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"AutoHotkey" = AutoHotkey 1.1.09.04
"CCleaner" = CCleaner
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"GCFScape_is1" = GCFScape 1.8.2
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Recuva" = Recuva
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WebConnect" = WebConnect 3.0.0
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1 (x64)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-495CW
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}" = System Requirements Lab
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 1.02
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1" = Penumbra Overture
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4728328C-4851-48EF-A55F-18540931A584}" = Logger Pro 3.8.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{696DA58D-BADD-446E-890E-E926F1024ACE}" = TEdit 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B05D25F-504F-4C61-8A57-259939EF0D54}" = Minutor
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0955568-4353-4C85-8988-285A8C0F5E87}" = Mumble 1.2.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Aquaria" = Aquaria
"ASIO4ALL" = ASIO4ALL
"Atom Zombie Smasher_is1" = Atom Zombie Smasher
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Braid_is1" = Braid (Version 1.015)
"CDisplay_is1" = CDisplay 1.8
"CL-Eye Driver" = CL-Eye Driver
"DAEMON Tools Lite" = DAEMON Tools Lite
"Desura" = Desura
"ESET Online Scanner" = ESET Online Scanner v3
"Fallout_is1" = Fallout
"foobar2000" = foobar2000 v1.1.13
"Fraps" = Fraps (remove only)
"GoldWave v5.58" = GoldWave v5.58
"Google Chrome" = Google Chrome
"HyperCam 3" = HyperCam 3
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"LAME_is1" = LAME v3.99.3 (for Windows)
"Machinarium" = Machinarium
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"mIRC" = mIRC
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mungyodance 2" = Mungyodance 2 (remove only)
"MuseScore" = MuseScore 1.3
"NEStalgia" = NEStalgia
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PDF Complete" = PDF Complete Special Edition
"Plants vs. Zombies" = Plants vs. Zombies
"PunkBusterSvc" = PunkBuster Services
"RevengeOfTheTitansHIB" = Revenge of the Titans HIB (remove only)
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Steam App 10" = Counter-Strike
"Steam App 105600" = Terraria
"Steam App 107300" = Breath of Death VII
"Steam App 107310" = Cthulhu Saves the World
"Steam App 113200" = The Binding Of Isaac
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 130" = Half-Life: Blue Shift
"Steam App 13230" = Unreal Tournament 2004
"Steam App 13240" = Unreal Tournament: Game of the Year Edition
"Steam App 13250" = Unreal Gold
"Steam App 13260" = Unreal Development Kit
"Steam App 15500" = The Wonderful End of the World
"Steam App 15520" = AaAaAA!!! - A Reckless Disregard for Gravity
"Steam App 15540" = 1... 2... 3... KICK IT! (Drop That Beat Like an Ugly Baby)
"Steam App 15560" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome
"Steam App 1630" = Disciples II: Rise of the Elves
"Steam App 17520" = Synergy
"Steam App 18700" = And Yet It Moves
"Steam App 20" = Team Fortress Classic
"Steam App 200210" = Realm of the Mad God
"Steam App 200900" = Cave Story+
"Steam App 204300" = Awesomenauts
"Steam App 207420" = Wizorb
"Steam App 208110" = Myst V
"Steam App 211" = Source SDK
"Steam App 211260" = They Bleed Pixels
"Steam App 211600" = Thief Gold
"Steam App 211740" = Thief 2
"Steam App 214050" = Sanctum Beta
"Steam App 215" = Source SDK Base 2006
"Steam App 216150" = MapleStory
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 2200" = Quake III Arena
"Steam App 22100" = Mount & Blade
"Steam App 224960" = Tomb Raider I
"Steam App 224980" = Tomb Raider: The Last Revelation
"Steam App 225000" = Tomb Raider: Chronicles
"Steam App 225020" = Tomb Raider (VI): The Angel of Darkness
"Steam App 225300" = Tomb Raider II
"Steam App 225320" = Tomb Raider III: Adventures of Lara Croft
"Steam App 2270" = Wolfenstein 3D
"Steam App 2280" = The Ultimate DOOM
"Steam App 2290" = Final DOOM
"Steam App 2300" = DOOM II: Hell on Earth
"Steam App 2310" = Quake
"Steam App 2320" = Quake II
"Steam App 2330" = Quake II: The Reckoning
"Steam App 2340" = Quake II: Ground Zero
"Steam App 2350" = Quake III: Team Arena
"Steam App 2360" = HeXen: Beyond Heretic
"Steam App 2370" = HeXen: Deathkings of the Dark Citadel
"Steam App 2390" = Heretic: Shadow of the Serpent Riders
"Steam App 240" = Counter-Strike: Source
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 29180" = Osmos
"Steam App 30" = Day of Defeat
"Steam App 310" = Source Multiplayer Dedicated Server
"Steam App 31280" = Poker Night at the Inventory
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 33100" = Alien Shooter
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 37400" = Time Gentlemen, Please!
"Steam App 37420" = Ben There, Dan That!
"Steam App 380" = Half-Life 2: Episode One
"Steam App 38740" = EDGE
"Steam App 39000" = Moonbase Alpha
"Steam App 40" = Deathmatch Classic
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 48700" = Mount & Blade: Warband
"Steam App 48720" = Mount & Blade: With Fire and Sword
"Steam App 49600" = Beat Hazard
"Steam App 50" = Half-Life: Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 55000" = Flotilla
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 570" = Dota 2
"Steam App 60" = Ricochet
"Steam App 630" = Alien Swarm
"Steam App 63600" = realMyst
"Steam App 63610" = Riven
"Steam App 63660" = Myst: Masterpiece Edition
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 65800" = Dungeon Defenders
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 6980" = Thief: Deadly Shadows
"Steam App 70300" = VVVVVV
"Steam App 70640" = Worms
"Steam App 9000" = Wolfenstein 3D: Spear of Destiny
"Steam App 9010" = Return to Castle Wolfenstein
"Steam App 9030" = Quake Mission Pack 2: Dissolution of Eternity
"Steam App 9040" = Quake Mission Pack 1: Scourge of Armagon
"Steam App 9050" = DOOM 3
"Steam App 9060" = HeXen II
"Steam App 9070" = DOOM 3: Resurrection of Evil
"Steam App 9160" = Master Levels for DOOM II
"Steam App 91600" = Sanctum
"Steam App 9180" = Commander Keen Complete Pack
"Steam App 92300" = A.R.E.S.
"Steam App 92800" = SpaceChem
"Steam App 94200" = Jamestown
"Steam App 98200" = Frozen Synapse
"Steam App 99900" = Spiral Knights
"Steel Storm" = Steel Storm - Burning Retribution (remove only)
"StepMania 5" = StepMania v5.0 beta 1a (remove only)
"TeamViewer 8" = TeamViewer 8
"TR2Gold" = TR2Gold
"TreeSize Free_is1" = TreeSize Free V2.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YTdetect" = Yahoo! Detect
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-596548954-2750827391-4164645071-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/1/2013 9:36:01 AM | Computer Name = Christina-HP | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 3ca0    Start Time:
 01cea717ea18c600    Termination Time: 5    Application Path: C:\Users\Christina\Desktop\OTL.exe

Report
 Id: 6b7b48e9-130b-11e3-a130-2c27d7366c35  
 
[ System Events ]
Error - 9/1/2013 9:48:57 AM | Computer Name = Christina-HP | Source = DCOM | ID = 10010
Description =
 
Error - 9/1/2013 9:49:26 AM | Computer Name = Christina-HP | Source = bowser | ID = 8003
Description =
 
 
< End of report >

#6 gothicpianist

  • Topic Starter


Posted 01 September 2013 - 09:25 AM

this is the OTL.txt file:

OTL logfile created on: 9/1/2013 9:36:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.97% Memory free
7.93 Gb Paging File | 6.07 Gb Available in Paging File | 76.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.35 Gb Total Space | 250.98 Gb Free Space | 27.27% Space Free | Partition Type: NTFS
Drive D: | 11.07 Gb Total Space | 1.22 Gb Free Space | 11.07% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTINA-HP | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2013/09/01 09:16:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
PRC - [2013/08/07 05:42:30 | 004,308,320 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/08/07 05:42:29 | 011,737,952 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/08/07 05:28:08 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/08/06 00:31:25 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/01 04:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/02/24 16:47:08 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/16 07:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/11/20 18:34:22 | 001,696,824 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV:64bit: - [2011/12/30 07:39:40 | 004,889,032 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/31 17:18:48 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/21 11:46:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/07 05:42:30 | 004,308,320 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/07/26 18:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/11/22 01:01:49 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/08/06 00:31:25 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/01 04:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/19 10:17:50 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/06/04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/05/09 04:22:16 | 000,358,400 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CMUSBDAC.sys -- (CMUSBDAC)
DRV:64bit: - [2013/04/24 15:20:36 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/04/24 15:20:36 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/01/14 14:55:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:55:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/12/24 00:30:22 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2012/12/19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/12/16 07:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/10/20 20:41:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/22 14:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011/11/22 14:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011/09/28 15:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 15:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 00:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/10/16 05:28:42 | 010,619,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/26 05:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/12 16:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rsdrvx64.sys -- (ElRawDisk)
DRV:64bit: - [2008/07/03 23:49:26 | 000,252,928 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTwindrvr6.sys -- (VSTWinDriver6)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/02/04 12:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\tiehdusb.sys -- (TIEHDUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{7F8EE0CF-8812-4B91-8C96-3E8C2ABCE9C9}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-596548954-2750827391-4164645071-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-596548954-2750827391-4164645071-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-596548954-2750827391-4164645071-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-596548954-2750827391-4164645071-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-596548954-2750827391-4164645071-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-596548954-2750827391-4164645071-1001\..\SearchScopes\{F9733206-E7EA-4093-9CCE-86B207A1C197}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-596548954-2750827391-4164645071-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-596548954-2750827391-4164645071-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013/04/24 15:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013/04/24 15:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013/04/24 15:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/31 17:18:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/08/13 17:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Extensions
[2013/08/31 18:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qbcw05sz.default\extensions
[2013/08/31 18:57:38 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qbcw05sz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/11 16:08:53 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\qbcw05sz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/08/31 17:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/31 17:18:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Gmail = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/06/20 22:04:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-596548954-2750827391-4164645071-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKU\S-1-5-21-596548954-2750827391-4164645071-1001..\Run: [Facebook Update] C:\Users\Christina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\MALZZZY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.oracle.com/update/1.6.0/jinstall-6u21-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18BA9CDC-C7B3-49FB-AC06-D1BFCFD330EA}: NameServer = 167.206.251.129,167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F84AD11-B941-4302-AB88-15E3AF5A8529}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ECCC427-BAE5-408A-B0E0-1C4CBE9864F1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/04 20:45:42 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cd127a41-ad7d-11e0-9bfb-2c27d7366c35}\Shell - "" = AutoRun
O33 - MountPoints2\{cd127a41-ad7d-11e0-9bfb-2c27d7366c35}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/01 09:21:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/01 09:16:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2013/09/01 09:10:21 | 001,027,511 | ---- | C] (Thisisu) -- C:\Users\Christina\Desktop\JRT.exe
[2013/09/01 09:01:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/31 19:18:54 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Paint.NET
[2013/08/31 18:52:41 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\Programs
[2013/08/31 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Malwarebytes
[2013/08/31 17:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/15 01:00:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 01:00:44 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 01:00:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 01:00:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 01:00:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 01:00:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 01:00:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 01:00:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 01:00:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 01:00:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 01:00:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 01:00:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 01:00:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 01:00:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 01:00:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 22:44:59 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 22:44:59 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 22:44:59 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 22:43:33 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 22:43:33 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 22:43:06 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 22:42:40 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 22:42:40 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 22:42:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 22:42:39 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 22:42:39 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 22:42:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 22:42:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 22:42:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 22:42:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 22:42:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/01 09:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/01 09:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 09:16:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe
[2013/09/01 09:14:30 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/01 09:14:30 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/01 09:14:01 | 000,994,642 | ---- | M] () -- C:\Users\Christina\Desktop\adwcleaner.exe
[2013/09/01 09:10:39 | 001,027,511 | ---- | M] (Thisisu) -- C:\Users\Christina\Desktop\JRT.exe
[2013/09/01 09:08:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-596548954-2750827391-4164645071-1001UA.job
[2013/09/01 09:06:12 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 09:06:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Lyrics Seeker Update.job
[2013/09/01 09:05:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/01 09:05:40 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/31 18:52:50 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/31 18:08:06 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-596548954-2750827391-4164645071-1001Core.job
[2013/08/30 22:26:52 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/27 22:17:24 | 000,872,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/27 22:17:24 | 000,726,240 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/27 22:17:24 | 000,146,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/21 21:52:08 | 000,429,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/21 11:46:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/21 11:46:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/12 18:58:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChristina.job
[2013/08/09 13:18:07 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/01 09:14:01 | 000,994,642 | ---- | C] () -- C:\Users\Christina\Desktop\adwcleaner.exe
[2013/08/31 18:52:50 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/30 20:46:02 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Lyrics Seeker Update.job
[2013/01/21 16:43:07 | 000,002,704 | ---- | C] () -- C:\Users\Christina\AppData\Local\recently-used.xbel
[2012/09/23 21:25:09 | 000,002,430 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/10 20:28:22 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/09/10 20:28:22 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/08/06 00:31:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/06 00:31:25 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/08/06 00:31:25 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/01 12:52:12 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/11/29 13:07:40 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/11/29 13:07:40 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/11/29 13:05:16 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/11/29 13:04:32 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/11/29 13:04:32 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/11/29 13:04:32 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/11/29 12:31:10 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/10/05 15:47:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/27 16:24:37 | 000,000,600 | ---- | C] () -- C:\Users\Christina\PUTTY.RND
[2005/03/16 22:01:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST31000528AS ATA Device
Partitions: 3
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Multiple Card  Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 920.00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 988320628736
Hidden sectors: 0
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:07B50CF0
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:76650B61

< End of report >
 

 



#7 satchfan

  • Malware Response Team

Posted 01 September 2013 - 02:02 PM

It appears that those pretty much sorted it out.

A bit more to deal with.

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

Run OTL
 

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
    [2013/09/01 09:06:12 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Lyrics Seeker Update.job
    [2013/08/30 20:46:02 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Lyrics Seeker Update.job
    @Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:07B50CF0
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:76650B61
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • please post the OTL fix log and new OTL log.

===================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:
 

  • start Malwarebytes-Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Logs to include in the next post:

OTL fix log
Mbam.txt
checkup.txt


Can you tell me if there are any outstanding problems?

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 gothicpianist


Posted 01 September 2013 - 04:04 PM

After I clicked "run fix" and it restarted, this was the file that came up. I'm not sure if it is the OTL fix file (I think it is that one) or what you said was the new OTL. Do you want me to run another OTL?

 

 

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
C:\Windows\Tasks\Lyrics Seeker Update.job moved successfully.
File C:\Windows\tasks\Lyrics Seeker Update.job not found.
ADS C:\ProgramData\sdpsenv.dat:naughtypirates deleted successfully.
ADS C:\ProgramData\Temp:07B50CF0 deleted successfully.
ADS C:\ProgramData\Temp:76650B61 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Christina\Desktop\cmd.bat deleted successfully.
C:\Users\Christina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christina
->Temp folder emptied: 10552103 bytes
->Temporary Internet Files folder emptied: 247419390 bytes
->Java cache emptied: 7579 bytes
->FireFox cache emptied: 446602537 bytes
->Google Chrome cache emptied: 72563076 bytes
->Flash cache emptied: 46153 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: MALZZZY
->Temp folder emptied: 26909336 bytes
->Temporary Internet Files folder emptied: 29076947 bytes
->Java cache emptied: 572675 bytes
->FireFox cache emptied: 392082464 bytes
->Google Chrome cache emptied: 198686971 bytes
->Flash cache emptied: 67833 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49204843 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78306192 bytes
RecycleBin emptied: 1199006740 bytes
 
Total Files Cleaned = 2,624.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09012013_164814

Files\Folders moved on Reboot...
C:\Users\Christina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Christina\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 



#9 gothicpianist


Posted 01 September 2013 - 04:13 PM

This was the result for the MBAM scan. WOOOOHOOOO NO MALWARE DETECTED :P

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Christina :: CHRISTINA-HP [administrator]

9/1/2013 5:07:20 PM
mbam-log-2013-09-01 (17-07-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252650
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 



#10 satchfan


Posted 01 September 2013 - 04:24 PM

So far so good. :thumbup2:  

 

Please run SecurityCheck and post the log.

 

Are there any remaining problems?

 

Satchfan




#11 gothicpianist


Posted 01 September 2013 - 04:25 PM

I don't have enough time at the moment, so I'm afraid I have to stop the last scan in the middle because I have to go. I will complete it when I get home.



#12 satchfan


Posted 01 September 2013 - 04:27 PM

No problem, but I may not answer until tomorrow (GMT), as it's 10:25pm here in the UK and I have stuff to do before work tomorrow.




#13 gothicpianist


Posted 01 September 2013 - 11:22 PM

I didn't think about time zones. It doesn't matter to me what time you reply. You helped me very much already and I am grateful. You guys just help people out of generosity, having no gain from it at all. That is really cool.

This is the checkup.txt log:

 

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Anti-Virus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java™ 6 Update 21  
 Java 7 Update 17  
 Java version out of Date!
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1)
 Google Chrome 29.0.1547.57  
 Google Chrome 29.0.1547.62  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#14 satchfan


Posted 02 September 2013 - 04:11 AM

Any remaining problems?




#15 gothicpianist


Posted 02 September 2013 - 10:07 AM

I don't think so. Everything seems to be fine. Could anything else be hiding in my computer somewhere? Should I run a Kaspersky scan? And should I update whatever on the checkup list says "Java version out of date"? Hahaha, sorry, so many questions at once.





