Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CMD launching website on login


  • Please log in to reply
8 replies to this topic

#1 rns11

rns11

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 01 May 2014 - 10:23 AM

Hi,

 

I'm having a problem identical to the one outlined in this thread: http://www.bleepingcomputer.com/forums/t/532750/cmd-lanching-webpage-on-startup/ . I have tried running MBAM, but it did not detect any issues and the problem persists.

 

Any help you can offer would be appreciated

 

Thanks!

 

 



BC AdBot (Login to Remove)

 


m

#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:35 PM

Posted 01 May 2014 - 12:22 PM

Hi :welcome: to BleepingComputer

My name around here is SleepyDude and I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.
I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing

.
IMPORTANT: At BC we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.
 

«»«»«»

 

OTL Scan

  • Download OTL to your Desktop
  • Execute OTL by double clicking the icon OTL.gif. Make sure all other windows are closed.
    (On Windows Vista or higher right click the file, select Run as Administrator and accept the Security Warning.)
    OTL_default.Png
  • Do not change any other settings and tick only the following check box's:
    • Scan All Users
    • LOP Check
    • Purity Check
  • on the CustomScanBox.png box paste this (exclude the Quote text):

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir %systemdrive%\* /S /A:L /C
    CREATERESTOREPOINT

  • Click the RunScanButton.png button. Let the program run uninterrupted, the scan won't take long.
  • When the scan completes, it will open notepad with OTL.Txt and another with Extras.txt. The files are saved on the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the full contents of both files and post in your topic.

 

Things I would like to see in your next reply:

  • The OTL.txt and Extras.txt log's

 


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 rns11

rns11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 01 May 2014 - 12:57 PM

Hi SleepyDude,

 

I appreciate your help with this! Because the length of the combined logs is too much for a single forum post, I'll put OTL.txt here and Extras.txt in a subsequent post.

 

 

OTL logfile created on: 5/1/2014 12:47:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Ravi\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 63.39% Memory free
7.00 Gb Paging File | 4.30 Gb Available in Paging File | 61.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 18.86 Gb Free Space | 31.63% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 253.93 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive G: | 2794.39 Gb Total Space | 1085.27 Gb Free Space | 38.84% Space Free | Partition Type: NTFS
 
Computer Name: RAVI-PC | User Name: rsubr_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/01 12:46:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Ravi\Downloads\OTL.exe
PRC - [2014/04/29 06:51:50 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
PRC - [2014/03/29 17:23:50 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/30 16:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/01/02 19:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\rsubr_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/25 13:12:42 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\Windows\SysWOW64\drivers\CDAC11BA.EXE
PRC - [2013/04/15 04:50:34 | 000,337,432 | ---- | M] (Power Software Ltd) -- D:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2012/07/23 19:33:22 | 000,661,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2010/05/10 12:14:16 | 000,186,848 | ---- | M] () -- C:\Windows\SysWOW64\WinService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/01 10:09:48 | 001,175,040 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\wx._core_.pyd
MOD - [2014/05/01 10:09:48 | 001,157,120 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\_ssl.pyd
MOD - [2014/05/01 10:09:48 | 001,062,400 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\wx._controls_.pyd
MOD - [2014/05/01 10:09:48 | 000,811,008 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\wx._windows_.pyd
MOD - [2014/05/01 10:09:48 | 000,805,888 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\wx._gdi_.pyd
MOD - [2014/05/01 10:09:48 | 000,735,232 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\wx._misc_.pyd
MOD - [2014/05/01 10:09:48 | 000,712,192 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\_hashlib.pyd
MOD - [2014/05/01 10:09:48 | 000,686,080 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\unicodedata.pyd
MOD - [2014/05/01 10:09:48 | 000,557,056 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\pysqlite2._sqlite.pyd
MOD - [2014/05/01 10:09:48 | 000,525,640 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\windows._lib_cacheinvalidation.pyd
MOD - [2014/05/01 10:09:48 | 000,364,544 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\pythoncom27.dll
MOD - [2014/05/01 10:09:48 | 000,320,512 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32com.shell.shell.pyd
MOD - [2014/05/01 10:09:48 | 000,128,512 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\_elementtree.pyd
MOD - [2014/05/01 10:09:48 | 000,127,488 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\pyexpat.pyd
MOD - [2014/05/01 10:09:48 | 000,122,368 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\wx._wizard.pyd
MOD - [2014/05/01 10:09:48 | 000,119,808 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32file.pyd
MOD - [2014/05/01 10:09:48 | 000,110,080 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\PyWinTypes27.dll
MOD - [2014/05/01 10:09:48 | 000,108,544 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32security.pyd
MOD - [2014/05/01 10:09:48 | 000,098,816 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32api.pyd
MOD - [2014/05/01 10:09:48 | 000,087,040 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\_ctypes.pyd
MOD - [2014/05/01 10:09:48 | 000,070,656 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\wx._html2.pyd
MOD - [2014/05/01 10:09:48 | 000,044,032 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\_socket.pyd
MOD - [2014/05/01 10:09:48 | 000,038,912 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32inet.pyd
MOD - [2014/05/01 10:09:48 | 000,035,840 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32process.pyd
MOD - [2014/05/01 10:09:48 | 000,026,624 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\_multiprocessing.pyd
MOD - [2014/05/01 10:09:48 | 000,025,600 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32pdh.pyd
MOD - [2014/05/01 10:09:48 | 000,024,064 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32pipe.pyd
MOD - [2014/05/01 10:09:48 | 000,022,528 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32ts.pyd
MOD - [2014/05/01 10:09:48 | 000,018,432 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32event.pyd
MOD - [2014/05/01 10:09:48 | 000,017,408 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32profile.pyd
MOD - [2014/05/01 10:09:48 | 000,011,264 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\win32crypt.pyd
MOD - [2014/05/01 10:09:48 | 000,010,240 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\Temp\_MEI46962\select.pyd
MOD - [2014/04/29 06:51:49 | 016,351,920 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014/03/29 17:23:43 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/02 19:45:04 | 003,558,400 | ---- | M] () -- C:\Users\rsubr_000\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Users\rsubr_000\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/29 11:34:42 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/11/27 10:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/27 04:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/11/22 23:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/07 22:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/30 19:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/10/30 19:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/10/21 20:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/10/04 03:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/29 23:14:34 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/29 23:14:33 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/29 23:14:32 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/09/29 22:55:00 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013/09/29 22:54:59 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 04:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/04/29 06:51:50 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/09 16:48:28 | 000,572,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/03/29 17:23:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/24 18:17:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- G:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2013/10/25 13:12:42 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\Windows\SysWOW64\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/29 23:14:30 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2010/05/10 12:14:16 | 000,186,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\WinService.exe -- (SCM_Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/10 05:35:53 | 000,377,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/01/22 09:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014/01/07 20:46:27 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/29 12:39:00 | 013,201,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/11/29 11:04:08 | 000,624,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/11/10 21:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 06:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/30 19:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/30 19:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/30 19:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/10/30 19:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/25 20:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/12 21:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 10:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/29 23:14:29 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/29 23:14:29 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/29 23:14:29 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 22:55:05 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/09/29 22:55:00 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/29 22:54:43 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/09/29 22:54:43 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/29 22:54:42 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/09/29 22:54:42 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013/09/29 22:54:42 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/09/24 09:54:40 | 000,222,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWB6.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 07:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/04/15 04:50:30 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/09/22 18:17:24 | 000,021,160 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdkmafd.sys -- (amdkmafd)
DRV:64bit: - [2012/06/05 00:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/11/23 19:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 19:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2007/01/19 03:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2012/12/29 15:59:38 | 000,028,664 | ---- | M] (Almico Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
IE - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C B5 B5 8A B5 D1 CD 01  [binary data]
IE - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.20
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/23 09:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/03 21:41:04 | 000,000,000 | ---D | M]
 
[2012/10/27 16:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rsubr_000\AppData\Roaming\Mozilla\Extensions
[2014/04/30 21:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rsubr_000\AppData\Roaming\Mozilla\Firefox\Profiles\kilp2ir6.default\extensions
[2013/05/03 21:41:04 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\rsubr_000\AppData\Roaming\Mozilla\Firefox\Profiles\kilp2ir6.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2014/02/25 19:14:50 | 002,873,766 | ---- | M] () (No name found) -- C:\Users\rsubr_000\AppData\Roaming\Mozilla\Firefox\Profiles\kilp2ir6.default\extensions\nasanightlaunch@example.com.xpi
[2014/04/27 15:28:30 | 000,537,864 | ---- | M] () (No name found) -- C:\Users\rsubr_000\AppData\Roaming\Mozilla\Firefox\Profiles\kilp2ir6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/30 21:21:48 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\rsubr_000\AppData\Roaming\Mozilla\Firefox\Profiles\kilp2ir6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/23 09:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 17:23:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/12 03:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: First user (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\rsubr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\rsubr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\rsubr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\rsubr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\rsubr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3661820659-3223829330-804332484-1001..\Run: [CMD] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3661820659-3223829330-804332484-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rsubr_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - D:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - D:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - D:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - D:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - D:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3661820659-3223829330-804332484-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C87EF619-A935-4B1B-9BFB-AC90819B84C4}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7e4308f6-9ab6-11e3-bed4-6cf049ecf5c9}\Shell - "" = AutoRun
O33 - MountPoints2\{7e4308f6-9ab6-11e3-bed4-6cf049ecf5c9}\Shell\AutoRun\command - "" = "H:\VZW_Software_upgrade_assistant.exe"
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\addons\command - "" = C:\WINDOWS\SysWow64\explorer.exe -- [2013/10/22 01:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\setup.exe"
O33 - MountPoints2\E\Shell\setup\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs:64bit: MsKeyboardFilter - C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/01 10:14:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014/05/01 10:07:59 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014/05/01 10:07:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/01 10:01:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/29 12:44:21 | 000,000,000 | ---D | C] -- D:\Users\rsubr_000\Documents\Endless Legend
[2014/04/25 06:04:29 | 000,000,000 | ---D | C] -- C:\Users\rsubr_000\AppData\Roaming\DarkSoulsII
[2014/04/25 06:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls II
[2014/04/19 22:11:46 | 000,000,000 | ---D | C] -- D:\Users\rsubr_000\Documents\FFXIVAPP
[2014/04/13 18:20:58 | 000,000,000 | ---D | C] -- C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Tides
[2014/04/09 17:39:07 | 001,287,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2014/04/09 17:39:07 | 001,109,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/04/09 17:39:04 | 000,377,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\clfs.sys
[2014/04/05 21:31:00 | 000,000,000 | ---D | C] -- C:\Users\rsubr_000\AppData\Roaming\SpaceEngineers
[2014/04/04 01:16:41 | 000,000,000 | ---D | C] -- C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/04/04 01:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/04/04 01:16:39 | 000,000,000 | ---D | C] -- C:\Users\rsubr_000\AppData\Roaming\Notepad++
[2014/04/03 22:30:55 | 000,000,000 | ---D | C] -- C:\Users\rsubr_000\.thumbnails
[2014/04/03 22:30:04 | 000,000,000 | ---D | C] -- C:\Users\rsubr_000\AppData\Local\fontconfig
[2014/04/03 22:30:03 | 000,000,000 | ---D | C] -- C:\Users\rsubr_000\AppData\Local\gegl-0.2
[2014/04/03 22:30:03 | 000,000,000 | ---D | C] -- C:\Users\rsubr_000\.gimp-2.8
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/01 12:44:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/01 11:51:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/01 10:41:30 | 000,001,308 | ---- | M] () -- C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2014/05/01 10:15:31 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/05/01 10:15:31 | 000,730,408 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/05/01 10:15:31 | 000,135,520 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/05/01 10:11:23 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/01 10:09:31 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/01 10:09:21 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/05/01 10:09:19 | 857,722,879 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/25 06:03:41 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Dark Souls II.lnk
[2014/04/22 19:24:21 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/04/22 19:24:21 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2014/04/07 21:38:10 | 000,493,792 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/04/03 22:30:56 | 000,000,875 | ---- | M] () -- C:\Users\rsubr_000\AppData\Local\recently-used.xbel
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/25 06:03:41 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\Dark Souls II.lnk
[2014/04/03 22:30:56 | 000,000,875 | ---- | C] () -- C:\Users\rsubr_000\AppData\Local\recently-used.xbel
[2014/04/03 22:29:47 | 000,000,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014/03/18 23:55:50 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/11/29 13:29:56 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2013/11/29 10:59:50 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/10/18 01:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/09/26 19:02:38 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/09/26 19:02:38 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/09/26 19:02:36 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/09/26 19:02:18 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/09/26 19:02:18 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/15 12:06:59 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdLineExt03.dll
[2013/07/06 00:35:25 | 000,000,828 | ---- | C] () -- C:\WINDOWS\STBC.ini
[2013/05/13 15:01:01 | 000,186,848 | ---- | C] () -- C:\WINDOWS\SysWow64\WinService.exe
[2013/05/13 03:58:27 | 001,414,144 | ---- | C] () -- C:\WINDOWS\SysWow64\spk.dll
[2013/05/13 03:58:27 | 000,175,616 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2013/05/05 00:48:47 | 003,123,272 | R--- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
[2013/04/30 16:04:14 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Sfc3ng.ini
[2013/04/23 18:50:16 | 000,000,843 | ---- | C] () -- C:\WINDOWS\STA2.ini
[2012/12/06 18:53:26 | 000,000,216 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2012/12/05 09:53:52 | 000,290,184 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2012/12/05 09:53:51 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2012/11/19 02:33:32 | 000,065,656 | ---- | C] () -- C:\WINDOWS\SysWow64\bdmpegv.dll
[2012/11/19 02:33:30 | 000,022,640 | ---- | C] () -- C:\WINDOWS\SysWow64\bdmjpeg.dll
[2012/10/27 16:16:19 | 000,007,602 | ---- | C] () -- C:\Users\rsubr_000\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2013/10/18 17:45:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/12/09 03:05:24 | 021,199,256 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/08 23:51:04 | 018,643,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/09 21:36:41 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\.minecraft
[2013/10/08 14:51:54 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\.mono
[2013/12/18 20:31:29 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\11bitstudios
[2013/01/19 00:31:33 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\BANDISOFT
[2013/01/21 03:39:32 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\BitComet
[2014/04/25 06:05:10 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\DarkSoulsII
[2013/02/11 22:22:21 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Dead Space 3
[2013/09/22 15:21:39 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Doublefine
[2014/05/01 10:10:12 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Dropbox
[2013/10/26 15:15:38 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Evolved
[2013/02/28 23:59:51 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\FALCOM
[2013/11/16 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Galaxy on Fire 2 Full HD
[2014/03/22 19:29:34 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\GameRanger
[2013/06/04 07:22:19 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\HorizonWimba
[2013/11/19 18:12:22 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Injustice
[2012/10/27 22:21:36 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\JCreator
[2012/10/27 18:17:34 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Leadertech
[2014/01/09 16:43:14 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Might & Magic Heroes VI
[2013/03/04 02:06:26 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Mobipocket
[2014/01/30 00:40:27 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\MPC-HC
[2014/04/21 07:19:00 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Mumble
[2013/03/09 12:50:14 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\My Battle for Middle-earth™ II Files
[2014/04/04 01:45:45 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Notepad++
[2013/02/05 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\OBS
[2013/08/19 16:26:53 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Origin
[2012/11/06 17:14:38 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\PowerISO
[2013/08/24 14:25:35 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Red Alert 3 Uprising
[2012/10/28 19:02:59 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Sony Online Entertainment
[2014/04/05 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\SpaceEngineers
[2013/04/24 02:01:26 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Star Trek Armada II Fleet Operations
[2013/08/19 18:34:57 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\StarDrive
[2013/11/30 19:47:57 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Thunder Wolves
[2013/09/11 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\Trine2
[2014/03/20 22:53:08 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\UnknownApplicationVendor
[2014/01/29 22:01:15 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\WinBatch
[2013/05/02 18:49:50 | 000,000,000 | ---D | M] -- C:\Users\rsubr_000\AppData\Roaming\X3 Editor 2
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2013/08/22 06:31:58 | 000,207,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/08/22 06:34:22 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2013/08/22 04:53:13 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2013/08/22 05:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2013/10/12 16:48:42 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2013/08/21 21:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:40:30 | 000,468,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2013/08/21 21:38:29 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2013/08/22 05:00:58 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/22 05:01:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2013/08/22 04:50:00 | 000,761,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2013/09/29 23:14:30 | 000,353,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2013/09/29 23:14:48 | 000,285,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2013/10/08 00:48:10 | 000,255,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2013/08/22 04:44:18 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2013/08/22 06:34:06 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2013/08/21 23:05:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2013/09/14 04:11:03 | 000,433,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2013/08/22 04:35:27 | 000,403,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2014/01/31 04:06:05 | 000,716,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2013/08/22 04:54:27 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2013/08/22 04:05:22 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:35:48 | 000,387,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2013/08/22 08:25:35 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2013/08/22 06:35:42 | 000,124,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2013/08/22 04:10:12 | 000,798,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2013/08/22 06:22:30 | 000,101,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2013/08/22 04:18:58 | 000,534,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2013/08/22 04:50:00 | 000,761,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2013/08/22 06:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/08/22 08:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013/08/22 04:12:56 | 000,133,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2013/08/22 04:48:09 | 000,324,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2013/08/22 04:24:27 | 000,629,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2013/08/21 21:27:04 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2013/12/31 18:57:55 | 001,214,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2013/08/22 05:55:30 | 000,306,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2013/08/21 22:33:38 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2013/08/22 05:00:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2013/10/10 06:38:48 | 000,221,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2013/08/22 04:19:19 | 001,436,160 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2013/11/15 08:24:22 | 000,834,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013/08/22 04:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:64bit: - [2013/10/30 19:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 04:44:27 | 001,669,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013/08/22 04:23:55 | 000,878,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2013/08/22 05:39:20 | 000,634,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2013/08/22 06:23:10 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2013/08/21 22:56:51 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2013/08/22 04:48:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2013/10/06 21:13:16 | 003,532,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2013/08/22 05:30:45 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2013/11/27 03:58:05 | 001,503,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2013/08/22 04:54:22 | 000,284,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2013/10/22 01:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\SysWOW64\explorer.exe
[2013/10/22 01:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) MD5=1A0BC9598E4A58FC84570FFF5A108E58 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013/11/17 19:46:30 | 000,133,444 | ---- | M] () MD5=3DDF61E1B538A1205612192A61CC2376 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd898b4d6ef82e\explorer.exe
[2013/10/22 02:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\explorer.exe
[2013/10/22 02:55:27 | 002,328,872 | ---- | M] (Microsoft Corporation) MD5=63DC38C3E4564B2405D562855643ABA2 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013/11/17 21:56:56 | 000,127,825 | ---- | M] () MD5=983D8A3EB94B05A199D3744C0F0C475F -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d2233dd81cfba29\explorer.exe
 
< MD5 for: SERVICES  >
[2013/08/22 10:04:54 | 000,003,777 | ---- | M] () MD5=5EE2D65841D1985E8C1BC68B2EB4357B -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.3.9600.16384_none_25fdfd813908f8a6\services
 
< MD5 for: SERVICES.DAT  >
[2014/04/05 23:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\rsubr_000\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2013/08/22 08:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\WINDOWS\SysNative\services.exe
[2013/08/22 08:25:40 | 000,405,488 | ---- | M] (Microsoft Corporation) MD5=B4B610BBCB002EC478C6FD80CF915697 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd72579d09a45e9\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2013/09/29 22:49:50 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\WINDOWS\SysNative\en-US\services.exe.mui
[2013/09/29 22:49:50 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=0626E9CF9F010A5E5D5A8E200A59DDDC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.3.9600.16384_en-us_5abba721f9ec3435\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2014/04/01 18:05:33 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.243_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 18:05:33 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.2.243_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 18:05:25 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.243_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 18:05:33 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 18:05:33 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.2.243_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 18:05:25 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.243_x64__8wekyb3d8bbwe\Common\js\services.js
[2014/04/01 18:05:33 | 000,079,602 | ---- | M] () MD5=FBC5971A250CA4BCA6BBEEF76C85B639 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.243_x64__8wekyb3d8bbwe\Common\js\services.js
 
< MD5 for: SERVICES.LNK  >
[2013/08/22 01:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 01:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2013/08/22 01:54:57 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2013/06/18 09:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\SysNative\wbem\services.mof
[2013/06/18 09:51:33 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\services.mof
 
< MD5 for: SERVICES.MSC  >
[2013/09/29 22:49:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\en-US\services.msc
[2013/06/18 09:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\WINDOWS\SysNative\services.msc
[2013/09/29 22:49:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2013/06/18 07:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2013/09/29 22:49:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_94fd770dd055ce28\services.msc
[2013/06/18 09:47:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_c02242af19b1eb57\services.msc
[2013/06/18 07:23:54 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.3.9600.16384_none_ca76ed014e12ad52\services.msc
[2013/09/29 22:49:53 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.3.9600.16384_en-us_38dedb8a17f85cf2\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2013/08/22 01:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\SysNative\wdi\perftrack\Services.ptxml
[2013/08/22 01:45:36 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.3.9600.16384_none_c01e2072a140077e\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2013/08/22 00:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\SysWOW64\svchost.exe
[2013/08/22 00:30:58 | 000,031,552 | ---- | M] (Microsoft Corporation) MD5=425E22D9F5C01616AFC92987791B19E9 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1e2820e75323\svchost.exe
[2013/08/22 07:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\WINDOWS\SysNative\svchost.exe
[2013/08/22 07:45:17 | 000,037,768 | ---- | M] (Microsoft Corporation) MD5=E4CA434F251681590D0538BC21C32D2F -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b9abd944c459\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2013/08/22 05:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\WINDOWS\SysNative\userinit.exe
[2013/08/22 05:03:12 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=08C191B2917862BE90C33E31CB6B6D79 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce71a20a5a6fe7f\userinit.exe
[2013/08/21 21:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\SysWOW64\userinit.exe
[2013/08/21 21:54:12 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=41636F77AD6D9A396EA34E4786B96F2B -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c87e9ced498d49\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2013/08/22 04:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\WINDOWS\SysNative\winlogon.exe
[2013/08/22 04:55:08 | 000,564,736 | ---- | M] (Microsoft Corporation) MD5=7C94FDA3809015B8F2208D2E1C221F17 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
 
< dir %systemdrive%\* /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 5089-6670
 Directory of C:\
08/22/2013  09:45 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
08/22/2013  09:45 AM    <JUNCTION>     Application Data [C:\ProgramData]
08/22/2013  09:45 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
08/22/2013  09:45 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
08/22/2013  09:45 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013  09:45 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
08/22/2013  09:45 AM    <SYMLINKD>     All Users [C:\ProgramData]
08/22/2013  09:45 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
08/22/2013  09:45 AM    <JUNCTION>     Application Data [C:\ProgramData]
08/22/2013  09:45 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
08/22/2013  09:45 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
08/22/2013  09:45 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
08/22/2013  09:45 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
08/22/2013  09:45 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
08/22/2013  09:45 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies]
08/22/2013  09:45 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
08/22/2013  09:45 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
08/22/2013  09:45 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/22/2013  09:45 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/22/2013  09:45 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
08/22/2013  09:45 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
08/22/2013  09:45 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
08/22/2013  09:45 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
08/22/2013  09:45 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
08/22/2013  09:45 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
08/22/2013  09:45 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local\Microsoft\Windows
08/22/2013  09:45 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
08/22/2013  09:45 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
08/22/2013  09:45 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
08/22/2013  09:45 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default.migrated\Documents
07/26/2012  02:22 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/26/2012  02:22 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/26/2012  02:22 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
08/22/2013  09:45 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
08/22/2013  09:45 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
08/22/2013  09:45 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\rsubr_000
10/18/2013  01:06 AM    <JUNCTION>     Application Data [C:\Users\rsubr_000\AppData\Roaming]
10/18/2013  01:06 AM    <JUNCTION>     Cookies [C:\Users\rsubr_000\AppData\Local\Microsoft\Windows\INetCookies]
10/18/2013  01:06 AM    <JUNCTION>     Local Settings [C:\Users\rsubr_000\AppData\Local]
10/18/2013  01:06 AM    <JUNCTION>     My Documents [C:\Users\rsubr_000\Documents]
10/18/2013  01:06 AM    <JUNCTION>     NetHood [C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/18/2013  01:06 AM    <JUNCTION>     PrintHood [C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/18/2013  01:06 AM    <JUNCTION>     Recent [C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\Recent]
10/18/2013  01:06 AM    <JUNCTION>     SendTo [C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\SendTo]
10/18/2013  01:06 AM    <JUNCTION>     Start Menu [C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\Start Menu]
10/18/2013  01:06 AM    <JUNCTION>     Templates [C:\Users\rsubr_000\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\rsubr_000\AppData\Local
10/18/2013  01:06 AM    <JUNCTION>     Application Data [C:\Users\rsubr_000\AppData\Local]
10/18/2013  01:06 AM    <JUNCTION>     History [C:\Users\rsubr_000\AppData\Local\Microsoft\Windows\History]
10/18/2013  01:06 AM    <JUNCTION>     Temporary Internet Files [C:\Users\rsubr_000\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\rsubr_000\AppData\Local\Microsoft\Windows
10/18/2013  01:06 AM    <JUNCTION>     Temporary Internet Files [C:\Users\rsubr_000\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Users\rsubr_000\AppData\Local\Microsoft\Windows\INetCache
10/18/2013  01:18 AM    <JUNCTION>     Content.IE5 [C:\Users\rsubr_000\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Users\rsubr_000\SkyDrive\Documents
10/06/2011  08:54 AM       (1,490,031) 08615 - Lethal Heritage - Michael A. Stackpole.rtf
10/06/2011  09:04 AM       (1,764,119) 08616 - Blood Legacy - Michael A. Stackpole.rtf
10/06/2011  09:04 AM       (1,903,761) 08617 - Lost Destiny - Michael A. Stackpole.rtf
10/05/2011  10:19 AM          (15,904) Appeal.docx
12/03/2012  11:54 AM          (25,864) BIOL1406X Lab Report.docx
02/06/2014  02:06 PM          (15,120) ENG 1302 issue proposal draft.docx
09/28/2011  12:26 PM          (13,956) EssayEval1.docx
12/14/2011  03:36 PM          (15,113) EvaluationFinal.docx
09/21/2011  11:44 AM          (23,337) Exile.docx
10/19/2011  01:25 PM          (26,828) Expanding the Contact Zone Revised.docx
10/18/2011  10:34 PM          (20,455) Expanding the Contact Zone.docx
12/16/2013  09:55 AM         (299,472) Feijoada.pdf
12/07/2011  02:51 PM          (17,218) Heart.docx
12/14/2011  11:46 AM          (19,273) HeartRevised.docx
01/29/2014  11:55 AM           (1,334) hw2.cir
10/03/2013  02:44 PM         (310,240) Lab 2 (atomic spectra).docx
10/19/2011  02:06 PM          (15,445) MidtermEval.docx
09/13/2011  07:34 PM          (16,072) Rain and Rhino.docx
09/07/2011  11:30 AM          (14,280) States_Discussion_Board_2.docx
              19 File(s)      6,007,822 bytes
 Directory of C:\Users\rsubr_000\SkyDrive\Documents\Engl 1302
02/18/2014  01:34 PM          (17,548) Issue Proposal Final.docx
               1 File(s)         17,548 bytes
 Directory of C:\Users\rsubr_000\SkyDrive\Documents\Graphs for Mechanics
01/22/2014  11:22 AM             (707) 0.01k.grf
01/22/2014  11:23 AM             (710) 0.02k.grf
01/22/2014  11:24 AM             (709) 0.04k.grf
01/22/2014  11:21 AM             (705) 0.05k.grf
01/22/2014  11:24 AM             (707) 0.08k.grf
01/22/2014  12:10 PM           (1,517) compositek.grf
               6 File(s)          5,055 bytes
 Directory of C:\Users\rsubr_000\SkyDrive\Electronics Labs\Lab 4
03/31/2014  10:53 AM          (20,063) Lab 4.docx
               1 File(s)         20,063 bytes
 Directory of C:\Windows\System32\config\systemprofile
11/13/2013  09:08 PM    <JUNCTION>     Application Data [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming]
11/13/2013  09:08 PM    <JUNCTION>     Cookies [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies]
11/13/2013  09:08 PM    <JUNCTION>     Local Settings [C:\WINDOWS\system32\config\systemprofile\AppData\Local]
11/13/2013  09:08 PM    <JUNCTION>     My Documents [C:\WINDOWS\system32\config\systemprofile\Documents]
11/13/2013  09:08 PM    <JUNCTION>     NetHood [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/13/2013  09:08 PM    <JUNCTION>     PrintHood [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/13/2013  09:08 PM    <JUNCTION>     Recent [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
11/13/2013  09:08 PM    <JUNCTION>     SendTo [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
11/13/2013  09:08 PM    <JUNCTION>     Start Menu [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
11/13/2013  09:08 PM    <JUNCTION>     Templates [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
11/13/2013  09:08 PM    <JUNCTION>     Application Data [C:\WINDOWS\system32\config\systemprofile\AppData\Local]
11/13/2013  09:08 PM    <JUNCTION>     History [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
11/13/2013  09:08 PM    <JUNCTION>     Temporary Internet Files [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows
11/13/2013  09:08 PM    <JUNCTION>     Temporary Internet Files [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
12/10/2013  06:51 PM    <JUNCTION>     Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
11/13/2013  09:08 PM    <JUNCTION>     My Music [C:\WINDOWS\system32\config\systemprofile\Music]
11/13/2013  09:08 PM    <JUNCTION>     My Pictures [C:\WINDOWS\system32\config\systemprofile\Pictures]
11/13/2013  09:08 PM    <JUNCTION>     My Videos [C:\WINDOWS\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
11/13/2013  09:08 PM    <JUNCTION>     Application Data [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming]
11/13/2013  09:08 PM    <JUNCTION>     Cookies [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies]
11/13/2013  09:08 PM    <JUNCTION>     Local Settings [C:\WINDOWS\system32\config\systemprofile\AppData\Local]
11/13/2013  09:08 PM    <JUNCTION>     My Documents [C:\WINDOWS\system32\config\systemprofile\Documents]
11/13/2013  09:08 PM    <JUNCTION>     NetHood [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/13/2013  09:08 PM    <JUNCTION>     PrintHood [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/13/2013  09:08 PM    <JUNCTION>     Recent [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
11/13/2013  09:08 PM    <JUNCTION>     SendTo [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
11/13/2013  09:08 PM    <JUNCTION>     Start Menu [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
11/13/2013  09:08 PM    <JUNCTION>     Templates [C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
11/13/2013  09:08 PM    <JUNCTION>     Application Data [C:\WINDOWS\system32\config\systemprofile\AppData\Local]
11/13/2013  09:08 PM    <JUNCTION>     History [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
11/13/2013  09:08 PM    <JUNCTION>     Temporary Internet Files [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows
11/13/2013  09:08 PM    <JUNCTION>     Temporary Internet Files [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
12/10/2013  06:51 PM    <JUNCTION>     Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
11/13/2013  09:08 PM    <JUNCTION>     My Music [C:\WINDOWS\system32\config\systemprofile\Music]
11/13/2013  09:08 PM    <JUNCTION>     My Pictures [C:\WINDOWS\system32\config\systemprofile\Pictures]
11/13/2013  09:08 PM    <JUNCTION>     My Videos [C:\WINDOWS\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
              27 File(s)      6,050,488 bytes
              87 Dir(s)  20,405,186,560 bytes free
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\rsubr_000\SkyDrive:ms-properties
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:233BFF24

< End of report >
 

And Extras.txt:

 

OTL Extras logfile created on: 5/1/2014 12:47:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Ravi\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 63.39% Memory free
7.00 Gb Paging File | 4.30 Gb Available in Paging File | 61.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 18.86 Gb Free Space | 31.63% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 253.93 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive G: | 2794.39 Gb Total Space | 1085.27 Gb Free Space | 38.84% Space Free | Partition Type: NTFS
 
Computer Name: RAVI-PC | User Name: rsubr_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3661820659-3223829330-804332484-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA98C80-7221-47AD-8A87-9C4125177170}" = lport=2869 | protocol=6 | dir=in | app=system |
"{18A31FF2-6110-4287-A165-6C7051A1AD1B}" = rport=80 | protocol=6 | dir=out | app=g:\steam\steamapps\common\warframe\tools\remotecrashsender.exe |
"{2C66F5F4-8C9D-4037-94FF-29943334C71A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{341FEC40-EDF5-4A96-BFAC-B73CCEF8F10A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36D20C59-EDAE-4124-BA22-3B001008CFF8}" = rport=80 | protocol=6 | dir=out | app=g:\steam\steamapps\common\warframe\warframe.x64.exe |
"{50F44E07-F56C-40C8-8B87-332524F67D6B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5F78D1A6-4B08-41D3-BC03-979DFA73874A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77600208-0950-4A6E-906A-6900F178E553}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7C83FBD4-6D9A-468F-ACA3-E4E1F8A1375C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A36927B4-601E-4973-83EE-7533BB082CEE}" = rport=80 | protocol=6 | dir=out | app=g:\steam\steamapps\common\warframe\tools\launcher.exe |
"{AEEEC0D4-A2F8-4CF5-BDDA-8BF40743F9B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4159911-8E91-41A2-BC25-4C42F7B85592}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C5B76C66-566A-4F04-8048-FF04E20F0405}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA8A17EC-6630-43E8-A4C0-575007D75689}" = rport=80 | protocol=6 | dir=out | app=g:\steam\steamapps\common\warframe\warframe.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00560D6B-C5DF-4E4C-A13F-B2DCC24D41EA}" = dir=out | name=super calculator |
"{01641730-F1C1-4934-8B74-1EB3E16E0A94}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{01A1036F-44DD-44AA-BC56-41207D9FF8B5}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{0226EC74-A3BA-4956-816D-A8A3C84C503B}" = dir=in | name=check point vpn |
"{025743B5-53C6-4162-8994-DF299B813A9E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\bastion\bastion.exe |
"{02C95E58-5256-40FC-BC4D-B757FB5DC3FE}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\super hexagon\superhexagon.exe |
"{03547C8D-099F-41E7-9663-F4B426119571}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{04986D5F-1791-49DC-A077-0B5D086692E5}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{056131A3-95AD-482B-8BF8-34B49BC27B67}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\hell yeah\hellyeah.exe |
"{05944D88-C29A-4D6B-9110-BEA3173E4E23}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{05CA8D5C-7BA2-4D64-8D59-63EAB9E976E3}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\x3 - reunion\x3.exe |
"{062FA01F-BEE5-451A-B6DD-EF717A473B03}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\jagged alliance crossfire\jaggedalliancecf.exe |
"{0641F705-D5B4-4F9D-ADF8-1E65170D190D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\endless legend\endlesslegend.exe |
"{06F15718-9D90-4485-8776-DB760D187ABC}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{0735F4B9-9D22-4368-8829-A8F622F3A5A4}" = protocol=6 | dir=in | app=g:\games 2\farcry 3\bin\fc3editor.exe |
"{07E1FBE8-B816-4D3E-B1A1-944D23872187}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\surgeon simulator 2013\ss2013.exe |
"{07F84062-D8A5-48F9-8A0E-2BA2AE3F23DB}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\terraria\terraria.exe |
"{0864D77A-45B0-4806-AAF1-233B63E36660}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dead space\dead space.exe |
"{0889BE0B-1FF2-41C1-B083-1FC3415E2526}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{091D6B94-75A4-486A-BC65-84D5C86EDB68}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{097AFFAA-5330-4D40-9996-749BD5C22906}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
"{0A4089D6-7AC5-43D0-89CB-EBF2267928DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0BB4A617-BDD6-4974-A77B-2C43BC6A10CC}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{0C4D832D-50D7-40AB-819E-8BBA12AFA54B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{0C7E5785-6905-4DBB-8CF5-82E394C30666}" = protocol=17 | dir=in | app=g:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{0CC68127-138B-400A-BFE4-F7161DF1110D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\gemini rue\reslists\gemini rue.exe |
"{0CE005DF-861A-4B29-8680-33D00120B9A2}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\hero academy\heroacademy.exe |
"{0D1D66D8-A772-46D2-B017-D1A7681D83FC}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\overlord\overlord.exe |
"{0D608607-633F-404C-B2FC-DE04A3C41E4F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{0D9EBF78-13D2-4C08-AFA4-7F6D166B9153}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\limbo\limbo.exe |
"{0DF1E301-ECA5-4919-8061-4FE5DC8B483D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dirt 3\dirt3.exe |
"{0E676EFA-4F24-4FBF-99DA-06F99A57B39E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\solar 2\solar2.exe |
"{0ED336CA-A170-401F-BF62-136F5643AB45}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{0F14A0A6-4BD6-4999-A407-C75B07D7F7BA}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\warframe\tools\launcher.exe |
"{0F2BCB80-BA25-4A2D-B504-626938B6E62B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{0F69F068-0B80-49A1-AB27-5E676372BF8B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\fear ultimate shooter edition\fear.exe |
"{0FB48363-01AF-4D96-918C-803AD8459EAB}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{0FB92C38-9AAE-48A1-89E0-57205EBE6EC2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\alpha protocol\aplauncher.exe |
"{10A9BE69-322F-483B-9082-3BAC44DF9849}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\mortal kombat arcade kollection\binaries\win32\mkhdgame.exe |
"{110E49C5-8E7B-4C65-B0E6-3C343DA3E673}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{1205E612-3886-43DB-ADCA-45EFE366A784}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\reus\reus.exe |
"{12235E14-654F-4FA5-9588-EE8F71F4DC51}" = dir=out | name=wd |
"{122D7313-C5B2-47E5-843C-3C7E649448B9}" = protocol=17 | dir=in | app=g:\games 2\farcry 3\bin\farcry3.exe |
"{1366500A-5D2B-4AE3-A275-E0CD377C1692}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\binary domain\binarydomainconfiguration.exe |
"{1436B023-1133-4C3A-BD55-FDAFD69CFD6D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{149C7C60-8002-41B8-B03F-448E61B8F866}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{14F27A89-594B-419A-BB27-D6CCB9E6C92D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{153C5A2C-DBD0-4D49-9B0E-2D881731EF0C}" = protocol=17 | dir=in | app=g:\games 2\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{15FAF628-6FCA-4F0A-85CE-D598A9FE4CCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{162C22E2-1B8A-41FD-ADD2-20FBB5E097F3}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{16E86B18-BF93-499D-B289-2F4E7D680F23}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{173DA543-1F6F-4E51-A902-708E5BD9CE69}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1756E270-0D68-46EB-A60E-66874A59DEB4}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{17571C23-435E-4B1A-A164-750971A72CCD}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{18EC4D3E-2E5E-47E1-866B-6618784D57F1}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{1916B9AF-9BBA-4ACC-962D-A32AC6A53FA4}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{191ACA21-3843-4FAB-8C35-B33576F19151}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\hoard\win32\reuben.exe |
"{19291755-56BF-4476-979C-9913C6280942}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{19BC1813-C208-4BF1-9B30-35CE432130A8}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{1A26E3B0-C3D1-484E-86AA-4EC35412B50A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\natural selection 2\ns2.exe |
"{1B706DB4-241F-4BBD-BF22-BC3F32391077}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{1CC6C0B3-6B5C-4C13-A34D-51C913E376FF}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{1CDF3222-9338-420F-B8A1-0DDB4C3FA53A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\zeno clash 2\binaries\win32\zc2.exe |
"{1CE3F3B5-FFE1-4BBE-8AF1-A51A7FB512CC}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\fear ultimate shooter edition\fear.exe |
"{1CF5D4BA-4F59-4CC2-BE31-4F4FF8265C7F}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\zenoclash\zenoclash.exe |
"{1D397A3C-C352-4B6D-959B-810B6D9FA912}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{1E52EDCF-F20D-450E-AD8E-F08577EBE99C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\janes advanced strike fighters\gamelauncher.exe |
"{1E79D494-F485-4280-BF3E-230DF1DE2692}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\expeditions conquistador\expeditions conquistador.exe |
"{1EF9D2C6-9404-4D80-8E73-147372D15DA8}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\spellforce 2 - faith in destiny\docs\sf2_fid_manual.pdf |
"{1F81E247-4818-4C39-BA28-FA564E2D4912}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\spellforce 2 - faith in destiny\docs\mapeditorfirststeps.pdf |
"{20411BA1-D342-49E8-846E-63EE9C4272FE}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\scribblenauts\scribble.exe |
"{208CEB17-6BB5-4F60-BFE5-774367B9152C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ys ii\config.exe |
"{21B08816-3A9B-44AF-8097-28209866AE8E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{22E99623-BB19-499E-A664-57AAAB7053A2}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\starpointgemini\starpointgemini.exe |
"{235F6C29-CCC8-4973-89DC-36889818DCE4}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{2434F91C-6DC0-439B-9570-D2C6183C8FC6}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{24750575-EA16-4F90-BCC8-900E14C3C902}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2476EB96-2112-4846-8FC4-5F1169DBF5A6}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\typing of the dead overkill\hotd_ng.exe |
"{24A6E37C-3309-40F3-A368-51DA5DB25821}" = dir=in | name=@{microsoft.remotedesktop_6.3.9600.16419_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} |
"{24A8B9D6-5920-4595-B5B4-62170EE4D050}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\the swapper\theswapper.exe |
"{252C2E0B-972A-4BEE-A533-4A02AF7BEB5B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{253F2264-1384-4A0E-B95C-6377718FA971}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\gemini rue\reslists\winsetup.exe |
"{254F53CE-08A4-4C89-B78D-9C203146E2EF}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\arcania gothic 4\arcania.exe |
"{258CE42D-0BF7-4414-B7BC-4FFDD5A85EB2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\spellforce 2 - faith in destiny\spellforce2faithindestiny.exe |
"{261B87D9-FBFF-4C2D-B5CC-1D0BFBFFE942}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{269F5AD8-4FCE-4EFE-BDC0-6CAAFB103DDC}" = dir=in | name=sonicwall mobile connect |
"{26CDE757-6357-402F-9CF6-A22BA20ABAEF}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ssz directors cut\pc\main\binary\ssz.exe |
"{26F9107A-91A7-4DAF-BDCB-C97D856217D0}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{28221978-B042-484B-A7F5-0E813AAF3F2E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sonic cd\setup.exe |
"{2846EFAC-DFC9-447B-ACE2-FD01BB0C5368}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{2866BEBD-9645-4683-9200-75AFEC43D563}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\x3 terran conflict\x3tc.exe |
"{2939CBDF-7803-4078-A44E-1D3AB1438DFD}" = dir=out | name=juniper networks junos pulse |
"{29F3A023-5A3D-4C56-8FC3-879818F41489}" = protocol=17 | dir=in | app=g:\games 2\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{2A78E4B7-068F-48D5-B6B7-80DF717E76B5}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{2AA76795-5EC2-42D8-AC0D-16697FA7AE9F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{2AD8CF77-61A8-4FE7-A5F2-DFABF9C1730E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\the bards tale\config\the bard's setup.exe |
"{2BB3FA4A-FE68-4A35-A6CF-39926739F579}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\starforge\starforge.exe |
"{2CB8AC6E-E646-465C-954B-283A4C8D13C0}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\mortal kombat arcade kollection\binaries\win32\mkhdgame.exe |
"{2D0D71A4-5E36-4F40-BCAF-1C3FD843FC37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D4107B8-4393-4416-AC8B-3CC61F58FF10}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{2D655315-4FD4-4B0B-9616-840D54A386FA}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\reus\reus.exe |
"{2E65C679-2F1B-444A-95D8-2E9A810DC451}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\redorchestra2beta\binaries\win32\rogame.exe |
"{306491FE-69A0-4EC7-966E-0278FE350E45}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{31337A1A-22DE-4352-909B-7F2EE5C8C5E4}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ssz directors cut\pc\main\binary\ssz.exe |
"{317BAB0A-4794-40B8-BAFC-7DD1343BA6AA}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\the guild ii\guildii.exe |
"{32B6B93A-64C8-420A-9FBB-D878C772BCD1}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sonic cd\soniccd.exe |
"{33A668B1-F66A-41C3-B0DE-F3EE01908CDF}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{340040D3-B9F1-408A-B039-573BCC57FA82}" = dir=out | name=toolbox for windows 8 |
"{34205853-AF28-4374-9F43-719F1F63EAE2}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\pacific skies\acepatrol2.exe |
"{3422C469-F3DB-45EB-9F75-8AA526179456}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{3460431D-AC51-4C84-BD44-584FDEAA498E}" = protocol=6 | dir=in | app=g:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{351F88A3-16EA-47E6-8230-36DA2703DB3D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{354B39FC-26F8-4926-8AC0-BF03D415888B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\anomaly 2\anomaly 2.exe |
"{35F72A44-5CEB-4FF6-89CA-82B51A69A533}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
"{360D7B44-3292-4172-9150-53D44C3CC630}" = protocol=6 | dir=in | app=g:\games 2\lost planet 2\lp2dx9.exe |
"{3645CBA0-0C58-400C-99A9-CAA64E73F1BC}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\pacific skies\acepatrol2.exe |
"{366F7506-78B6-4D27-83A9-3D9E77061034}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{36F43D3A-83CB-49D6-9231-845CFD276C94}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{385A15BF-151F-43A4-840A-8569CDA961C3}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ufo afterlight\ufo.exe |
"{38BA58B7-315A-46D7-A7BA-BC9AE7EAFE56}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\binary domain\binarydomainconfiguration.exe |
"{3902AB32-38CC-4B46-AE0A-876CBA21723F}" = protocol=17 | dir=in | app=g:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{393108CC-CE63-4948-ABA0-EB56F4782BB6}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ys i\config.exe |
"{39E301FA-E771-4F9C-B9EA-F582ECC28745}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\the bards tale\config\the bard's setup.exe |
"{3A9D804B-3947-47AE-AEB5-968ABE252F6B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ys ii\config.exe |
"{3B84DE6C-2AD1-4D40-848D-4A31C7505C81}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{3BA0D0FF-9EFC-44D1-85BF-A7841E6B84DB}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\garrysmod\hl2.exe |
"{3BF6E2EB-7DA6-4EEF-8A76-1C8D1A051033}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\operation flashpoint red river\redriverlauncher.exe |
"{3D3ABEAC-3958-4507-8BC1-9BC0E39D3CA7}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\antichamber\binaries\win32\udk.exe |
"{3E0A8DD2-C74E-4BCA-9FF2-B8C1A8AECB87}" = protocol=6 | dir=in | app=g:\games 2\farcry 3\bin\fc3updater.exe |
"{3EAA2B38-BE68-4F32-B1D3-9C2C62F8D34A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\the bards tale\the bard's tale.exe |
"{3ED77323-8859-4411-8DE6-671BB1A3613E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{3F25D2D5-05D2-4FC5-B1C2-1E45214297F9}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\war in the north\witn.exe |
"{3FC564D6-00C6-4022-8221-2EF5A3404497}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe |
"{3FE1C628-F9D3-4FDE-835B-A38E7728CF88}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\hoard\win32\reuben.exe |
"{3FE310B9-03EE-4D81-921B-C2D158FE506D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{40370EC2-4E71-4477-86A9-3C0CF62C3097}" = dir=in | name=f5 vpn |
"{40379665-7B9A-494F-8DAA-F9A24533CE2A}" = dir=out | name=@{microsoft.bingnews_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{40A99744-8D2B-4FF5-A742-EA2D23529ED0}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\the bards tale\the bard's tale.exe |
"{40BC3429-99DC-462A-AA09-9B875C8D0829}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\limbo\limbo.exe |
"{40DDA32D-91DF-4246-BCD6-0B582F3B1A63}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{4169200D-B87F-4195-BB7E-1B45DE1D1C60}" = protocol=6 | dir=in | app=g:\games 2\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{4177BBCA-B208-4A9B-BEDB-DDD594F23A5E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\doom 3 bfg edition\doom3bfg.exe |
"{41BD3CAD-90E9-4A13-BFE9-684FF7C84D7A}" = protocol=17 | dir=out | app=g:\steam\steamapps\common\warframe\warframe.x64.exe |
"{4222023A-BF41-494B-918D-910513B597C4}" = dir=out | name=windows_ie_ac_001 |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{42C5142D-1C9B-4454-8DE7-6AE5E8520BA3}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dwarfs\dwarfs.exe |
"{449037AC-EC07-4B97-B1A4-B325E3C94ADC}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{45914257-52E2-4D9D-BE1A-46DF4E116C13}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sonic & all-stars racing transformed\launcher.exe |
"{4606363F-004D-40B3-BB81-17F7D9B7170A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\warframe\warframe.exe |
"{46E5B4F5-EBDF-43B4-B5B6-AACB229A7B4D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\zenoclash\zenoclash.exe |
"{479ABF16-4446-49C0-97D5-C55EE24490EA}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\divinity2_dev_cut\autorun.exe |
"{47E46AC3-70E5-4315-9CB3-8365CC8D50D6}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\jack_lumber\jacklumber.exe |
"{48502693-F702-4D1E-AEB8-E91DF57C97C2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{48C791BE-08A7-46EC-AD6F-8760DE8CE19D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\binary domain\binarydomain.exe |
"{48E50728-3F51-4421-BF58-4A7F17D1EB4E}" = dir=out | name=ping |
"{491E536D-C835-4C4A-8143-83E09B54FF7F}" = dir=in | name=canon inkjet print utility |
"{498AFBA8-3868-4488-BDC1-EC4D1B0DC90D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\company of heroes relaunch\reliccoh.exe |
"{49DCDAA6-DD0E-4A16-9E40-5161E04AAA69}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\awesome\awesome.exe |
"{4AAA231B-0DFB-4EDD-B104-1B420EE0CF1E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\super hexagon\superhexagon.exe |
"{4ADBFE85-74A2-44DF-921C-D2033CF36DB9}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4C2B2CF4-5CF1-4D24-A328-700702D6A9B7}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\arcania gothic 4\arcania.exe |
"{4C390468-43A6-4B7B-8639-356AEEC89CEA}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4C8D9A48-F790-4F9C-8539-1F32BEEA0F37}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{4D4BCE7D-8899-4891-847C-B72538BB84F7}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\natural selection 2\ns2.exe |
"{4D6A8B63-77D1-4195-86CA-DDF345D83819}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{4E693251-DD12-4D4B-8675-7F6728F15CD3}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{4EEA183A-CEFB-4AFC-854C-B01D117AF508}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F5E9388-A18B-4B6E-8B61-90A0680CCA16}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\brutallegend\brutallegend.exe |
"{50A1E45F-1243-43E8-BDF2-6A6BF19AB639}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dwarfs\dwarfs.exe |
"{50D60D99-C339-4DD4-A2E8-665A1E7D7311}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\air conflicts - pacific carriers\configure.exe |
"{50E912AF-61E7-4510-97AF-4C506F22824E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\arma gold\arma.exe |
"{5144A861-C301-41D7-B896-5C26DC0FA018}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{519380CB-7C61-499B-8C42-F8138471A010}" = dir=in | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{52041D2D-A5BD-43F1-930B-ED076734331B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\the witcher 2\launcher.exe |
"{521EF2B7-4036-45CD-BB32-25A6AA540625}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{52258AB2-FC60-4FB7-B257-574366970C51}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{52763B68-E8BB-4082-A9D9-FD181EFBF1C0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{53FE3CC0-462E-4A60-8900-92C052B645F0}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{54B28176-0EDC-464F-8A34-C9F486D7931D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ss2\shock2.exe |
"{55238E4E-B1B1-401F-83B1-C4EF7A58EA75}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\risk of rain\risk of rain.exe |
"{55ED9ED4-8614-4815-8EF2-985ED66BAADF}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ss2\shock2.exe |
"{55F2039E-B531-467C-8FCE-07BA19354B1F}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{56ADFBBF-20E4-4115-9602-AA99F691EEE5}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\gemini rue\reslists\winsetup.exe |
"{57297672-E6FB-4E07-82CD-8736033CA200}" = dir=out | name=sonicwall mobile connect |
"{58A428C1-2F25-4781-8381-094BA9995C72}" = dir=out | name=ohm's law |
"{58B45B9E-B5E7-4EDA-BF52-6573F4E1DCCB}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\terraria\terraria.exe |
"{58D418F0-EF60-4823-8322-BED8E5ABCC21}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{5921AFFF-EC59-47DB-AF2B-FAF9A2FFAC88}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\guacamelee\guac.exe |
"{5956E08C-0A69-4458-BC9B-DFEF14EA1069}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{59B34AF8-6B1E-4532-BE85-FB5BA87B07E7}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{5A5B7D2F-585E-4E0E-A7D1-90C55B65349B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\hardreset\hardreset.exe |
"{5B385444-B6E4-475D-A4B9-D19CA39E6C50}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\redorchestra2beta\binaries\win32\rogame.exe |
"{5C79F9D5-3D29-4BE1-B07B-E8693CB4232C}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ufo afterlight\ufo.exe |
"{5D49A38E-F92E-4D83-A280-75035DE2EAD6}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ss2\shock2.exe |
"{5DA2DF87-2609-4E72-9C73-9A7664E411CD}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\fear2\fear2.exe |
"{5E08E517-7183-48DB-8ADB-20238F9C26EF}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{5E7E5D07-E02C-4C31-BBE6-55D2F60C32E2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\awesome\awesome.exe |
"{5EB0CA0B-7228-45EB-9522-FCA252D3368B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\stardrive\stardrive.exe |
"{5EB19015-9B89-40A9-80B1-B1BAE6A4FCB0}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dungeon of the endless\dungeonoftheendless.exe |
"{5F2A7271-4446-4A80-82E4-F2D5E6004DFA}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\warframe\warframe.x64.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5F914BFB-F9DF-4F98-82A0-60A582A9FD65}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{6042597E-D1AF-4569-92A2-1C9A9C0AF2AC}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{62134D58-AAF9-4CB3-BFD0-6064730FA563}" = dir=out | name=@{microsoft.bingtravel_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{6259B27C-9A8A-404B-9BE5-E7B923012310}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sonic cd\soniccd.exe |
"{62CF0266-61CD-4CF4-AF5C-C6CDB9FD4A35}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{63927AEF-9210-4464-A230-0BE4ED6D2DC1}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{639A6AFD-C64C-4727-A2D9-F4723662147B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{647B12E2-BFA7-44F2-95B8-AA65C6827425}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{648D84EB-828A-4B03-8E95-2FADEB613B90}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\little inferno beta\little inferno.exe |
"{64D70FCA-DCF3-40A1-A508-2BEA724EC483}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ai war fleet command\aiwar.exe |
"{65F03EC9-F655-44E2-9D07-4B7A20D3CE2C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\galactic civilizations ii - ultimate edition\twilight\gc2twilightofthearnor.exe |
"{6602300E-3CA0-486D-88DD-8D874E45A34A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\little inferno beta\little inferno.exe |
"{660444BC-6317-4F43-8EC5-42B1AFF9514E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\overlord\config.exe |
"{660B44C1-9F49-4BE4-B147-0D6EEDEF539D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\tomb raider\tombraider.exe |
"{6664D50E-3C5A-4CA4-B4D8-6333186BF3F7}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{675805F3-3EF8-40BF-BC9B-EA8D573B36C2}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{687F843F-1997-4AB3-8B06-476B5D757A7F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{68928E3F-0F19-4A1E-8F43-47B9544B8542}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{691E74C7-34D4-4C40-B47A-5F8E1FB75D32}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{69C89EE1-2496-43CE-9B22-026F6E2DB1B3}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{6A3B36A8-D575-44D5-A3F8-EF0BC81D73FD}" = dir=out | name=@{microsoft.bingfinance_1.7.0.29_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{6AAA846E-5378-4BD4-80B1-A2240F9D857D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\divinity2_dev_cut\autorun.exe |
"{6AEC666A-7338-4CEC-A98D-C768A64FC2B5}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\janes advanced strike fighters\gamelauncher.exe |
"{6BC18940-CBFA-4AF3-9951-7C95618C7FFA}" = dir=in | name=wd |
"{6BE48D09-3072-4127-A1D2-97DD08264458}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
"{6CA3877B-B982-459B-ADAA-93329F6354DE}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\eets_munchies\eets2.exe |
"{6E06E6A8-F146-4F9A-90C9-265CF7BFB164}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{6E0D19BE-E4E3-41F6-B46A-335386E183B4}" = dir=out | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{6F82D1B0-DB48-43BF-8FF2-9D694BD02E59}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\anomaly 2\anomaly 2.exe |
"{6FC05C21-A418-456E-B8A7-493887EE857D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\guacamelee\guac.exe |
"{70B9DA07-5F40-4264-B1AA-1566F6B0AF2C}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\bad hotel\badhotel.exe |
"{70D99794-B55D-4492-B938-4FEFC1D98EBD}" = dir=out | name=wikipedia |
"{71141741-3209-443C-A89C-31C752ADA27B}" = protocol=6 | dir=in | app=g:\program files (x86)\origin games\crysis 3\bin32\crysis3.exe |
"{7135D890-2BCE-4486-BF75-33E39048F2DF}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{71743DEC-2AC0-4F97-B36D-0E2AADEF783B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\awesome\awesome.exe |
"{731511B5-7B96-4B64-9830-4688BB99D1C0}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\x3 - reunion\x3.exe |
"{73A3DA5A-0239-40DE-9B83-75825D0ECEBF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{73B76DBB-944B-440C-B7B7-8DA9D2303364}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{747E4311-7713-4944-8B0D-3D3E26CC7F8C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\medieval ii total war\launcher.exe |
"{74F1DF82-BD6E-432A-90FA-05DF3CC9027B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe |
"{7504AAB2-BFCD-4139-BE58-7D30E2082E1E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dirt showdown\showdown.exe |
"{75139DB1-D287-45EB-BB1D-A70CE87DC30D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\thunder wolves\thunderwolves.exe |
"{751835F9-4D65-45CD-B8B2-107061B09DAD}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{7649C73C-379A-4E4B-A999-D3EBFD13CA9F}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{7776B624-947A-4E5A-AB72-A622D14F53A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{779448FB-BB46-4232-9606-5BDFE86B1AB4}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{77AA56B3-61ED-47AE-8B3E-A3E034A7D120}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ss2\shock2.exe |
"{77B6B123-854B-48DD-AFB7-CF6DC8541EBC}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\rocketbirds_hardboiled\game.exe |
"{78BB0C75-C829-4C0F-A14F-2B3FA95DC455}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\bastion\bastion.exe |
"{7927DA40-B3B8-45FD-8EFF-4B53D87F10EF}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\the guild ii\guildii.exe |
"{7A5CFF61-9CB5-404B-89D2-25FD51039D61}" = dir=in | name=juniper networks junos pulse |
"{7AB4345A-5781-4331-BFCF-F6D3E157CF47}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\overlord\overlord.exe |
"{7AC7575D-AED7-405B-A867-9685BB71FD55}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{7AF308A4-0301-416C-BFDE-63B25C571800}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{7AFA5AE6-BE1A-4A7D-AEDC-89D4062BEE8C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\supreme commander\bin\supremecommander.exe |
"{7B037987-37C8-410F-BE32-69829C246B2F}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{7B43DADE-C4D3-4DF6-8425-B76D01AD1D57}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{7B53AE8E-5F4C-4C80-A246-B193B1882563}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{7BAA7CE7-7734-43EE-A71C-CB6DC214F7A7}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sonic cd\setup.exe |
"{7BBAC60A-0E2E-451E-A303-3720852457A0}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\magicka\magicka.exe |
"{7C564351-3EF3-4E49-9D7C-C5632BA54705}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\fez\fez_launchoptions.exe |
"{7C93C1D0-0F6D-47C3-B047-B1C7E6FA6B5B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{7D868770-E86D-4D4A-B790-1D4361121DDE}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\air conflicts - pacific carriers\acpc.exe |
"{7E145135-99A1-42C4-A7D9-49935E0FA597}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{7EA674FC-ED96-4123-89C1-7432EDE8AF58}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sid meier's ace patrol\acepatrol.exe |
"{7EB8FC46-9653-48C0-BC94-A87F6F76E919}" = dir=out | name=canon inkjet print utility |
"{7F33FBC8-E86C-4E55-9ACF-414955413D69}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\awesome\awesome.exe |
"{7F61EDCC-9FA9-4F72-8E7B-CF6F53DC1CFD}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sonic & all-stars racing transformed\launcher.exe |
"{7FA4A4EE-B3CC-4559-B5A3-7B2C8757C093}" = protocol=17 | dir=in | app=g:\games 2\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{8061E73A-4A40-4093-B1B0-82D59D93BB7C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{80CD5845-6A89-4600-A538-E4524C911F6E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{813533A5-6471-4DE2-A17F-BD85C1B426DB}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dungeon of the endless\dungeonoftheendless.exe |
"{81A1F342-A175-4934-B3F7-A0AA4C90BB59}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{81DF5B17-860D-4F90-A705-205E1FFB39D0}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\endless legend\endlesslegend.exe |
"{81FBCBAF-987A-4456-BCEE-911290421E04}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{825E97A4-ACD2-46CF-A33D-0F63F94B47C1}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\company of heroes relaunch\reliccoh.exe |
"{827ED99D-EFD2-4FCA-83DE-409D83B8685C}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{829C4915-1888-4F5F-960C-7B1E9FAC3667}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\risk of rain\risk of rain.exe |
"{8367F85C-3C2B-42B6-875A-95F1991A3AA0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{84362B90-0CCB-448A-B97F-CA814467A603}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{84538E48-205E-43A4-A82F-1D2ADD3B4DE2}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\spellforce 2 - faith in destiny\spellforce2faithindestinyeditor.exe |
"{847331A7-EA35-4BF5-8B58-C563C23FAD40}" = dir=out | name=sudoku free |
"{84AF6DCB-C9EE-4E1C-9154-6CCD3FC3C18D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{84D38385-057A-4BC9-86F0-829767124A7F}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{858C00E8-8C63-4CA9-AC73-7F8033C69CBF}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\tomb raider\tombraider.exe |
"{8652F6CC-F859-4FDE-9A1A-99B855B6B2E9}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{8664942B-8BE9-4375-BF7F-46305342225D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\rise of the argonauts\binaries\riseoftheargonauts.exe |
"{86834CAE-AAE3-4979-BF5D-FA0AED6E5266}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dirt showdown\showdown.exe |
"{86898631-D7D8-43F5-8CFF-A057FCB988A8}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\galactic civilizations ii - ultimate edition\twilight\gc2twilightofthearnor.exe |
"{86CB8FD7-B5BF-44AC-A955-86F217167C7C}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\rise of the argonauts\binaries\riseoftheargonauts.exe |
"{8712E000-234D-4779-9B6E-CDDE21F60E7F}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\guardians of middle-earth\x86\gome.exe |
"{8812E0B2-BB06-4F89-B545-AAFBC43587EE}" = protocol=17 | dir=in | app=g:\games 2\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{88248AC1-82C3-469D-993B-7E1665F45C2F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\two worlds ii\twoworlds2.exe |
"{88FAC880-EE57-4D85-A131-E1CBF2A4976D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\garrysmod\hl2.exe |
"{899C68F6-FD70-4C34-A05D-DD3C36FE7101}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\expeditions conquistador\expeditions conquistador.exe |
"{89CDB45A-FAD2-4FBD-AA30-652657B78EFF}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\bad hotel\badhotel.exe |
"{8A2DD93A-B50B-4589-830C-14ED7FF7E97C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{8A87EB08-A46B-4F2F-BC32-52F65E4BA341}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8AF2B5A7-0A70-4E3E-A7E1-438FE3FD2345}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\papoyo\binaries\win32\pygame-win32-shipping.exe |
"{8C5179AC-AFA1-4510-8686-52D5FC254307}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{8CBA116F-B341-424E-A2F4-083DEF472192}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\jack_lumber\jacklumber.exe |
"{8CCBC766-3ACF-4E12-8458-0BCDC2610845}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{8CF1D8D7-03FF-4B70-B0D1-BF0BB943D032}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\armatactics\armatactics.exe |
"{8D221EA2-06A6-4875-8CBE-8599A19DF4FD}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{8D26F212-C1FD-4FA5-B2EB-EA7BAB3EF8EF}" = dir=out | name=@{microsoft.zunemusic_2.2.849.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{8D391B14-ACAD-4F41-8325-B1A4DB232114}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{8DDE84BE-7769-42EB-8B09-656F8122F0DD}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{8DFD2E97-FE83-4474-BEFD-A27FBCC2E55F}" = dir=out | name=@{44352gadgetwe.unitconversion_1.0.1.4_neutral__wrnqd43hr7tc6?ms-resource://44352gadgetwe.unitconversion/resources/appstorename} |
"{8E89A747-F592-4559-9D14-A636A7343844}" = dir=out | name=iheartradio |
"{8F0532F9-A0F6-44D4-9BCD-DBFE8C34BD70}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{8F10BF1B-A3EF-4197-85D7-70A6C9E9B24E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\the ball\binaries\win32\theball.exe |
"{8F3D0C1D-481F-47E9-B903-A7C91D26BF9B}" = dir=out | name=skype |
"{8F689C18-0755-447F-AC61-BD574AB5BA7D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{8F7204C9-2F6E-4326-B677-D7E292741474}" = protocol=6 | dir=in | app=g:\games 2\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{8FC7D207-4318-43DC-A8A7-2B6E729A9A34}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"{907DA74F-34BC-42BA-A95A-50AA2D1A5067}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dust an elysian tail\dustaet.exe |
"{911A1D01-8809-4503-BFFD-30F83184DD0B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{919EB257-F31F-4AD7-B255-33C8B2C4794F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\carrier command gaea mission\carrier.exe |
"{91CF7C03-B3A2-4B8E-80BE-7347B6EE9BF0}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{9253D7F8-27E1-42B3-9AE5-6D525DC60050}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\rising storm beta\binaries\win32\rogame.exe |
"{936772EB-4107-4C93-AA95-6761B65E871F}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dirt 3\dirt3.exe |
"{9382242B-DEE2-4813-8E98-9DE0DF30DD35}" = protocol=6 | dir=in | app=g:\games 2\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{93A7FD37-53C2-4C12-9FE0-C29A63689651}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{949E4921-157B-4643-B315-148132AAC6BB}" = protocol=6 | dir=in | app=g:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{95895CEB-19DF-47B8-B4AC-4097ECDAE626}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\the swapper\theswapper.exe |
"{960B58EA-BA7F-48A4-9224-E588D3CF9555}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ai war fleet command\aiwar.exe |
"{96697DFA-C4F2-4B0C-AA0B-DA544FD60A86}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{96C09677-9072-4743-BB30-031CA92241C9}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\divinity dragon commander\shipping\dcapp.exe |
"{96FD5B35-49D4-4152-A1BC-4A24DAF993A1}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\eets_munchies\eets2.exe |
"{975153A4-3B8C-42D1-896C-1170F5BE73B1}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\the witcher 2\launcher.exe |
"{9859CDB7-CACF-49ED-BDBD-493F1791A44D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{98963831-B2B4-44A7-8D4D-F9C46D6FBC9C}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\cities in motion 2\cim2.exe |
"{989BE1DF-6CDF-4337-BD6A-0354FB4CB030}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe |
"{98EE4F15-137F-4A3B-B7DF-99CE0C942210}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe |
"{99871D29-1CED-4559-BD65-6B5970AB0125}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\galaxy on fire 2 hd\gof2launcher.exe |
"{9A17910D-5511-4E18-BA3B-6CED8CAFAE3B}" = protocol=17 | dir=in | app=g:\games 2\lost planet 2\lp2dx11.exe |
"{9A517909-3AD9-4909-BC00-EB630762F00A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\fez\fez_launchoptions.exe |
"{9A96375B-AD23-4BCE-913C-EFEF91401495}" = protocol=6 | dir=in | app=g:\games 2\the battle for middle-earth ™ ii\game.dat |
"{9AD2E55D-76B0-42F1-ABCE-AA41E323804F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\overlord ii\config.exe |
"{9B08BC15-8A88-4ADB-93FE-7563D6F50B35}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"{9BB7A61B-DF94-4196-8290-A35759ADE3D5}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{9BDA8CF6-74F6-43BE-B4F7-A56A7F1BAE1C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\operation flashpoint dragon rising\ofdr.exe |
"{9C0C2E8F-8BF5-4A92-9E44-E8C058CA3529}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9C27F5BA-C712-458A-86E2-9E41DF7D8BDE}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{9D03C422-53E8-44EA-AEEB-CA9DC75ED05E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{9D672927-C794-4ACA-B01B-0B17F7234FEF}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\operation flashpoint red river\redriverlauncher.exe |
"{9D84BEEA-6CE7-416F-973B-84F401EB9315}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ys i\ys1plus.exe |
"{9DBB3518-E149-4CBD-A588-FF3141288310}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9E733931-F715-4384-94D5-FA3210597F9D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\galactic civilizations i ultimate edition\altarianprophecy\galciv.exe |
"{9EC5816D-B1BC-4CAE-BF18-210560036B18}" = protocol=17 | dir=in | app=g:\games 2\lost planet 2\lp2dx9.exe |
"{9FE7B98C-1CD6-42B9-8D09-D4C8403BB047}" = protocol=6 | dir=in | app=c:\users\rsubr_000\appdata\roaming\dropbox\bin\dropbox.exe |
"{9FF9B120-72A1-43D8-9C29-B91F5F37D1DD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9FFBE08D-97F9-4F95-AB49-53E858F28CAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A01646EB-442D-44F5-ADF1-63A15217D573}" = dir=out | name=@{microsoft.bingsports_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{A03B9451-4E37-496C-AB53-EAD482DAF6E6}" = dir=in | name=ping |
"{A0598269-410A-45E3-9C71-99CC09709FD4}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{A0780B00-9369-4651-BD69-54A72A4B959D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{A23A7B08-9978-4DCF-BB93-6356251A3BAD}" = dir=in | app=g:\games 2\darksouls\darksouls.exe |
"{A23CACE1-E0B8-47F9-B5CA-24781E927F0D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{A416957C-851C-4655-97C3-388B11628AF2}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{A457F3F8-03DB-4A1B-8BBE-04A93C3A0A8A}" = dir=out | name=f5 vpn |
"{A46D5C26-7B94-4330-AA95-CB88E160FB0A}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\overlord ii\config.exe |
"{A573ACFF-A5FC-4B5B-8752-BEEDF1D708AC}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\tomb raider\tombraider.exe |
"{A5DFD9A5-1D33-4213-AE8D-C64D9BF4C3D4}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\interstellar marines\interstellarmarines.exe |
"{A6400DCF-29DC-4246-8E15-A3CEFC47D3E5}" = dir=out | name=check point vpn |
"{A6686E31-E86F-4D74-B40E-ABC293C083AF}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{A69AFFE7-B731-44F7-ADD1-93AC5DAA5862}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{A73E37E5-3DA7-49DA-BB84-2BDA7ADB8BE7}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\bittriprunner2\runner2.exe |
"{A79CB4D1-E62C-4E6B-80AD-9D994A28F57F}" = dir=out | name=windows_ie_ac_001 |
"{A8973B5E-CB72-4CC6-9FAE-E798740279F4}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{A8BC5F20-7EEE-469A-8C68-AB8DCE03501E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{A9BBABA0-0CA2-4B92-8F2D-AAE254551500}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{AA90E439-D262-454D-AD9B-6ADB4149D3F0}" = dir=out | name=netflix |
"{ABCB3CFE-1000-4EFC-BAEA-D07CDA0438CA}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{AC7651D3-CF8E-4797-8C69-339BEDB510D5}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\renegade ops\renegadeops.exe |
"{AD458DE6-6B6C-497F-9B4B-D3B357A38168}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ys ii\ys2plus.exe |
"{ADBDED99-21AE-45AA-BAF9-6D86EF92FF6E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\supreme commander forged alliance\bin\supremecommander.exe |
"{ADFEE472-AB3B-4483-88F9-9EBADFAD5071}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\arma 2\arma2.exe |
"{AE13B8EA-6898-45E4-B3F1-4312B3DCDA03}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\fez\fez.exe |
"{AE189F4A-CBD0-4E15-8265-3D6B7AB29D6C}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\jagged alliance crossfire\jaggedalliancecf.exe |
"{AE4D5644-DDFE-4435-AF26-471B435F9888}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\rising storm beta\binaries\win32\rogame.exe |
"{AE5EEADB-0A16-488A-9ACA-020A2EE618D6}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{AE6CBB57-D94F-4823-B5EB-710921C1A714}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{AE80E3E8-6E30-421B-B952-0643C03E72DD}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{AEA039E0-631B-4549-A081-5AEEA35CB82F}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{AFE4A617-E7DB-44F8-BCE0-1CCF3ED0A74D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\rome total war gold\rometw.exe |
"{B044E374-E7A3-43C2-8925-D8BDD600701A}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{B061CE24-42D2-4BD1-BB10-C2D6AF723999}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{B0DEA44F-11E4-47BA-BEB3-9B2906D61E82}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\spellforce 2 - faith in destiny\docs\sf2_fid_manual.pdf |
"{B0E3809D-4950-41BB-883E-30C5A8CDF32F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{B1156CD4-7C73-4C5A-BF33-0177B7A3A88C}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sid meier's ace patrol\acepatrol.exe |
"{B294E689-66CF-4802-B328-64F63C7EAE89}" = protocol=17 | dir=in | app=d:\games\planetside 2 beta\launchpad.exe |
"{B2FB0D5F-5970-457F-AF27-155A68A94C70}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\two worlds ii\twoworlds2.exe |
"{B32CECBA-28CF-4BAE-AEBC-10674960466D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\brutallegend\brutallegend.exe |
"{B372BE77-5A50-4732-94BF-DFAF9FBBE5FE}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\scribblenauts\scribble.exe |
"{B387D940-6D9A-4907-A8D2-51556A93601F}" = protocol=17 | dir=in | app=g:\games 2\farcry 3\bin\fc3editor.exe |
"{B4403321-4FDF-42D6-833D-057E4347D6FC}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{B4E8CCD2-5668-4CAE-8D83-6DC7F1591426}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{B57DCF95-6C77-4401-8664-E15A74F7C60D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\overlord ii\overlord2.exe |
"{B60F2C02-C165-4991-89DC-FE7FE038886B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\singularity\binaries\singularity.exe |
"{B6421CCF-F829-47E3-A10B-F738C8971795}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B64C95B2-1C43-4415-B7E7-F0E4779ECDB3}" = protocol=6 | dir=in | app=g:\games 2\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{B65B7BD8-2A12-48BA-B1A1-A79CA20CC1B9}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\arma 2\arma2.exe |
"{B6AE75A1-0F0B-49A3-A427-18459D04C848}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\overlord\config.exe |
"{B6D9F29A-6293-4F0A-BF54-543C7DBFEDCA}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B74BDD71-915A-491C-952B-0EDEEED3AFAA}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\galactic civilizations i ultimate edition\altarianprophecy\galciv.exe |
"{B78FFF82-8B3B-4673-B5DB-268FFF736430}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{B8B66BC2-85D5-4DFF-8E07-9AEB73D2D576}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\thunder wolves\thunderwolves.exe |
"{B97428A3-88CB-4AC5-8076-12758E2290FC}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\the ball\binaries\win32\theball.exe |
"{BABAB7E3-1346-41DE-BDD5-88078402A159}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{BADF8831-4FEA-4F86-A4E5-C6C056D17478}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{BAE72943-9889-4D17-840E-6FAE01FC7788}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{BC915955-AA01-4A0D-817B-745B64C5657A}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{BCD134EB-FC69-4BF8-ABA1-552D23614615}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{BCDD86C4-DFFB-42AE-9C6C-B33966703E49}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{BD796603-294C-4EBD-A29C-7E5571CD2D55}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{BDA35A01-C7A1-4CA3-97AA-E8DE5EA51093}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\bittriprunner2\runner2.exe |
"{BE3FE4FF-EA7F-45ED-A7EC-65D635C307C2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\doom 3 bfg edition\doom3bfg.exe |
"{C0225E4D-7367-4AB7-AEA0-D435F65D489C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\bad hotel\badhotel.exe |
"{C056BB35-1AE5-43F6-B846-B24124EAAB0C}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{C057E020-A295-4826-A8C7-4E19CAE1A775}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\supreme commander forged alliance\bin\supremecommander.exe |
"{C0BE7C20-59B0-49BB-8AE2-7D67D3843550}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{C14403DF-7A32-402A-9396-4EEC2D666876}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\spellforce 2 - faith in destiny\docs\mapeditorfirststeps.pdf |
"{C1662FFB-F025-4041-B7A0-C01C2424B736}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{C1C483F2-2EBF-4D89-9343-AFEB951F7B63}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\spellforce 2 - faith in destiny\spellforce2faithindestiny.exe |
"{C1F858C2-D9DA-4A50-B005-91F74BBD7F9F}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{C2028541-28C4-470F-BB57-ED701CA7E878}" = protocol=17 | dir=out | app=g:\steam\steamapps\common\warframe\warframe.exe |
"{C22A258D-56F6-426A-8DC8-CB8CC23C2B4D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\supreme commander\bin\supremecommander.exe |
"{C2438741-9AF2-4BBC-B843-908F0B3A3EEB}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
"{C321F182-58C6-4F31-A97A-686A3F9382C2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dragon commander\shipping\dcapp.exe |
"{C3AE9E9A-C41D-4446-8445-B99A7EAB448E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{C3F49C9E-E31C-45A4-BB91-4ACB676E1641}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C44FFE69-2F8C-46F3-BEAF-348ABD640B8E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\carrier command gaea mission\carrier.exe |
"{C5807D83-F5E5-4F57-90EF-14DD71A351B1}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\starpointgemini\starpointgemini.exe |
"{C5C13E17-6239-4911-9BCA-282CF0BABB75}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\guardians of middle-earth\x86\gome.exe |
"{C6154AFE-30B2-44F0-BDC4-866D7A05716F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{C6CA28C9-284C-4035-BC43-FFCF2B7F0EA7}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{C820E1A1-74E5-4763-B8E2-F45001A021FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C857C897-ACB7-4491-B5F1-7C173B9F796A}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\natural selection 2\ns2.exe |
"{C8EC37BA-916A-44AC-9963-574F5017BC50}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\surgeon simulator 2013\ss2013.exe |
"{C8FDDFD3-C1B2-4D30-85C3-775D60668B73}" = protocol=17 | dir=in | app=c:\users\rsubr_000\appdata\roaming\dropbox\bin\dropbox.exe |
"{C90AD9B7-4D42-4AAF-BE7B-6305A87F23C5}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{C9DCCD24-C478-4CFE-9D20-07E10737D9CC}" = dir=out | name=@{microsoft.zunevideo_2.2.849.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{CA60CA4B-5C39-4D07-898D-F0D4EA45903B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\ys ii\ys2plus.exe |
"{CA6E5C2A-7455-4F35-8836-3661790F6610}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{CA879E29-8C79-494A-88B1-B8C12919A960}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\renegade ops\renegadeops.exe |
"{CAEA33D5-3A6E-4F46-B7FD-A1B62ED9601F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{CB7C2B99-F831-4274-A7EF-C2881DF7B726}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{CB8B9190-427C-42FB-9B04-40DECCB7829E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{CBED65BE-833B-4C72-9415-C6E0F5EA83DE}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{CC2B427C-7E9F-47B0-BB5B-4F114BF534C9}" = protocol=6 | dir=in | app=g:\games 2\farcry 3\bin\farcry3.exe |
"{CCBCCEC1-A035-4B02-A917-A9476402BCCE}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{CD873696-8A35-4D72-ABA5-2B198A1A5D8B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\galaxy on fire 2 hd\gof2launcher.exe |
"{CDB8BE61-995D-4B8B-9D8B-C438A956844B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\alpha prime\alphaprime.exe |
"{CE0ACEA9-4F21-4DC3-898A-21F3C6360F23}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\papoyo\binaries\win32\pygame-win32-shipping.exe |
"{CECFDF05-39A5-4EF7-B76B-A00F630AA46B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{CF3649F0-ECF9-4DBE-A406-CE30EBD8BE58}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ys i\ys1plus.exe |
"{CF372C31-EC6C-4ADC-BBA6-5CAAB0E0E3A6}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\hero academy\heroacademy.exe |
"{CF88EF16-8688-45DF-AD7E-27771277C62B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{D06C1AA7-3FA4-40DD-A08B-7E9246DA0703}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{D0BD1A07-41DF-495A-BBC6-0DE51239C11F}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\armatactics\armatactics.exe |
"{D181030F-5D5F-4910-9E7B-E34E66957E2A}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{D1D5A89C-BB2B-4D86-A970-09E507790B06}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\bad hotel\badhotel.exe |
"{D26336FC-6800-4AB9-B62F-5A181C8F6320}" = dir=out | name=@{microsoft.bingweather_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{D3316A80-CF84-4830-B17C-AD5ADBFBD6EF}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\singularity\binaries\singularity.exe |
"{D35C5EAA-2EDA-4CCF-9525-7877AF7F9FB6}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\war in the north\witn.exe |
"{D3D3E1CF-15A2-4423-83FA-256A8C9FF67A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{D45CF678-106E-4639-A5AF-A35A99483F2C}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\arma gold\arma.exe |
"{D529A337-9CC2-4F47-895D-E874C910CAFA}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\toki tori 2\tokitori2.exe |
"{D52BB053-B602-4E40-972F-74F8ED9EE2E8}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{D5BF75C4-1313-46A3-990B-B68E9F95432F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\natural selection 2\ns2.exe |
"{D5F5C34A-945A-46F6-ACC0-028C3CA30739}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\endless space\endlessspace.exe |
"{D644C671-7B4B-4CED-803B-22D24EC475C0}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{D650ABB9-709C-4C69-8809-D14F88207AD3}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\alpha prime\alphaprime.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D71EF9D8-526E-49B6-AE6F-2C5E439FAFE3}" = dir=in | name=skype |
"{D738830A-3570-4C76-9550-B48910E09A08}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\overlord ii\overlord2.exe |
"{D76608AB-E93F-486E-94CD-4713629145F6}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\typing of the dead overkill\hotd_ng.exe |
"{D7FE308A-FE77-4B34-BC85-7BF99C68A5C2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\interstellar marines\interstellarmarines.exe |
"{D806B1CB-CAE8-4284-AE30-F94E762C6F38}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{D90C8F09-42ED-4CB8-A984-C07E74E1E6F2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\stardrive\stardrive.exe |
"{D90D08C4-7869-49C9-9192-476E75FB2A51}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
"{D93F5538-2810-4F5C-8661-A3868E094B3D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\antichamber\binaries\win32\udk.exe |
"{D9A2398E-01F3-42E9-A108-98C67DE61DA4}" = protocol=6 | dir=in | app=g:\games 2\farcry 3\bin\farcry3_d3d11.exe |
"{D9B0C73F-BF30-4101-8DBE-514F94FE5E93}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\take on helicopters\takeonh.exe |
"{DAF48E50-7EBD-49D8-82F2-B497B9D04CBC}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\zeno clash 2\binaries\win32\zc2.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DCAFB745-0096-4D4D-8CA7-9A8CA46ED3A0}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{DD729396-AACB-4F05-B996-27DD29FC92CB}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\x3 terran conflict\x3tc.exe |
"{DD7A6E8F-3A62-4A8E-8CC4-AF757CF7CD77}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DDF6737C-3658-4A3C-8FC6-D2CAD8A9E0C0}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{DF406CDC-1D63-49B8-92B5-1A07E3EB0743}" = protocol=6 | dir=in | app=d:\games\planetside 2 beta\launchpad.exe |
"{DF8D63FF-AFF5-477B-8C3A-2DC00ED1E9EA}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{DF8F524C-D59F-435F-B1B3-16809B404480}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\hardreset\hardreset.exe |
"{DFC7DD94-F249-4D7E-A1CB-7716DAB8DCFE}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\endless space\endlessspace.exe |
"{DFF4FAE5-A802-48AD-8E99-A55D864F03CC}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dead space\dead space.exe |
"{E06CAC57-42BA-4707-A3C4-116ADCF27588}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\alpha protocol\aplauncher.exe |
"{E13B58E5-4957-4F99-80B1-4821AC25BB64}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E15AB303-6A43-4CB1-82F7-DC2B20C397EE}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{E21058B5-58F7-4E91-8EED-645ED84A68E2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{E2946BD2-F37C-4B2C-82E4-1C025D7C3ED8}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\warframe\tools\launcher.exe |
"{E345C3B3-1530-4789-B914-B0EA7A7D8F33}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sid meier's railroads\railroads.exe |
"{E3C7183A-0865-47A4-BBE1-12D1054FC9C9}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{E47A41EE-FC7D-4DCA-A0AA-374659AC7FA5}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\gemini rue\reslists\gemini rue.exe |
"{E4E1F1B9-CE82-4494-8652-10D38002B889}" = protocol=17 | dir=in | app=g:\games 2\the battle for middle-earth ™ ii\game.dat |
"{E60CE6FC-361A-457A-B403-4CC9C8AC0B17}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\spellforce 2 - faith in destiny\spellforce2faithindestinyeditor.exe |
"{E624001E-245F-4AFA-AF8D-E1D1761C3435}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\joe danger 2 the movie\bin\jd2launcher.exe |
"{E62DBD50-D453-4216-A5D0-0113C614954A}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe |
"{E650C0F6-ABBD-4995-A621-43EEE101CCA9}" = protocol=17 | dir=in | app=g:\games 2\farcry 3\bin\farcry3_d3d11.exe |
"{E6EA214F-AFDD-445E-9BCD-5DEA701D6624}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{E7673301-A189-41F3-AA29-9CAB97CA8294}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7A1BE48-62CE-43C6-B92A-9B8133A46364}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{E8CDFC2D-563E-40F8-99C0-929B47DE66FD}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\ys i\config.exe |
"{E9177EF0-6B19-4CD4-909E-4421E8B07140}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\starpoint gemini 2\starpointgemini2.exe |
"{EAD5C7DC-9ADD-499B-AF3E-E4FD1AF643D8}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{EAE2C894-6648-44EF-8D49-CCD157779EDB}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{EAEE521D-FBF6-43EE-86C7-7BB1CC287BA8}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\a virus named tom\avnt.exe |
"{EB486599-3622-49D0-9CF7-5A2591BDEEC8}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{EBE8C3F4-A562-4C12-B69F-F4FED85243BF}" = dir=in | app=c:\users\rsubr_000\appdata\local\microsoft\skydrive\skydrive.exe |
"{EC1D38CE-5D25-46C9-80D2-7CD50BF924EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ECD481A3-E775-4086-9477-20D2E515A57A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dragon commander\shipping\dcapp.exe |
"{ECF11B6A-CCB6-44D6-914D-D78BF7BFE894}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{ED30F54E-720E-4070-A332-3644883629FE}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dust an elysian tail\dustaet.exe |
"{ED5322E6-A9BE-46A9-9FCF-34ED894F42C5}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\hawken\binaries\win32\hawkengame-win32-shipping.exe |
"{ED538E11-CB97-40B0-B12B-661C6D11E1ED}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\divinity dragon commander\shipping\dcapp.exe |
"{ED5C0F6E-3407-4FF7-8CF1-7BC6627D3A02}" = protocol=6 | dir=out | app=system |
"{ED8BF278-AAA7-4139-964E-B5B7F54B8080}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{EDFEF6FD-E275-4361-AC65-EA2F921D3B4A}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\binary domain\binarydomain.exe |
"{EE851C9C-E83B-43FD-A7A1-7304A8105BDC}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\rocketbirds_hardboiled\game.exe |
"{EEC135F6-C8DB-4A4D-9FD7-D4AA37A25503}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\rome total war gold\rometw.exe |
"{EF805846-E3CE-439B-B564-7F1A9FEE4332}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\tomb raider\tombraider.exe |
"{F0B2FD58-2A6A-4FD8-BA51-66059090A7C1}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{F2B05D80-E0D7-4AAE-8EED-D4E1647DF178}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe |
"{F2D107BE-00B4-495E-A3BE-0A679BA84491}" = dir=out | name=@{microsoft.bingfinance_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{F2E9F4FC-43BF-44CC-BE2A-5BAE6CD4CD65}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{F3CE7DA0-E991-469B-80A4-EEF4B6B40A57}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\medieval ii total war\launcher.exe |
"{F3DC34FE-2F54-498F-BBBE-FEEB9572B7BF}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{F3E49FD8-85AF-4192-8368-59E6B0819EA5}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\fez\fez.exe |
"{F42F4683-A56A-4581-B25D-D566310796E8}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{F4FC8036-DCAC-406F-B052-99754F4860C0}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\magicka\magicka.exe |
"{F52CEFD8-D3DA-4B9A-BC68-598712BC88FD}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\joe danger 2 the movie\bin\jd2launcher.exe |
"{F54E7FE3-066D-4EC5-8545-14F8ACAC4AE1}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sid meier's railroads\railroads.exe |
"{F5535BA5-BAC1-4C9E-91D7-51C9E5A5B92F}" = protocol=6 | dir=in | app=g:\games 2\lost planet 2\lp2dx11.exe |
"{F600A109-54E3-4AC6-AE46-C86071BFB6E2}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\fear2\fear2.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6D38E7D-1817-4F26-A870-FB55C252806F}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{F74B12DD-35B8-441C-8BC2-E3A4DC84DD21}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\solar 2\solar2.exe |
"{F74BEA35-0EC6-45A3-83F7-35F459C70E82}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\air conflicts - pacific carriers\acpc.exe |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F7C274D2-FC59-424E-93ED-B9C8A8E152A8}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{F7EB4F13-B523-48CF-97CF-8B90C427A3F3}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F8DB92A6-AD83-4114-AA8D-6C9878E29E3C}" = protocol=17 | dir=in | app=g:\program files (x86)\origin games\crysis 3\bin32\crysis3.exe |
"{F8F2798C-38A9-4A8A-B545-D548FFD63A98}" = dir=out | name=@{microsoft.remotedesktop_6.3.9600.16419_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} |
"{F91BEEF2-8479-496C-86A3-25C2829BB836}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\toki tori 2\tokitori2.exe |
"{FA7FF952-76FE-41B7-ADAD-584764B067A6}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\cities in motion 2\cim2.exe |
"{FB08FEB8-2B0D-490C-93C5-85E3B7B7E77E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\hell yeah\hellyeah.exe |
"{FB617D47-714A-428A-AB31-E8BE05E7A19D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\take on helicopters\takeonh.exe |
"{FB61F2CD-F5E8-4072-89BF-15E2A57A7E60}" = protocol=17 | dir=in | app=g:\games 2\farcry 3\bin\fc3updater.exe |
"{FBC7E189-DE22-406D-B6C3-2B29B40CE854}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
"{FD3E1387-731E-409E-8893-E820132CA4A0}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{FDCA5B65-A04D-4ACD-B3BA-4B9CC92845BE}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{FE0582CD-552D-4DCC-B376-19F59285889E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{FEA8EB70-0EA4-4368-B42A-82A02F4B5A56}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\starforge\starforge.exe |
"{FED7AA01-31B7-4854-9AF9-544C01E9C545}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{FEFAA07C-ED91-4849-9E7D-0EA085653B75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF7B8BEE-A9DE-4AF9-848F-D020D373F2C5}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\a virus named tom\avnt.exe |
"{FFC0DCAC-0774-4244-B08E-C0D43C8B7951}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\air conflicts - pacific carriers\configure.exe |
"TCP Query User{03A01510-EACA-46A0-BA72-DECE69F0BD60}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{07987030-5119-422C-B75D-77B59F23850B}G:\games 2\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=g:\games 2\crysis 2\bin32\crysis2.exe |
"TCP Query User{0ADA52E1-4906-457D-BD74-E020CE97B35F}D:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe" = protocol=6 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"TCP Query User{0B843C09-11F8-45CC-9194-6EB2C110936F}D:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{0BC94FAB-5E44-46D8-ACE0-7633B209A06F}G:\games 2\resident evil 6\bh6.exe" = protocol=6 | dir=in | app=g:\games 2\resident evil 6\bh6.exe |
"TCP Query User{11077A4E-AE56-4783-9305-6555C0C9A20C}G:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{12194E74-C838-4498-888D-6C5307F7FAAC}G:\games 2\forged alliance forever\faforever.exe" = protocol=6 | dir=in | app=g:\games 2\forged alliance forever\faforever.exe |
"TCP Query User{1B4FE89D-8D30-40EA-959D-57BDE9F13A1E}G:\games 2\xcom enemy unknown\binaries\win32\xcomgame.exe" = protocol=6 | dir=in | app=g:\games 2\xcom enemy unknown\binaries\win32\xcomgame.exe |
"TCP Query User{243E9DA7-02F9-433F-AFD8-78CB3B4B4211}G:\games 2\warlords battlecry iii\battlecry iii.exe" = protocol=6 | dir=in | app=g:\games 2\warlords battlecry iii\battlecry iii.exe |
"TCP Query User{3836B992-23BE-420E-89E3-FB58E56C581B}G:\games 2\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=g:\games 2\dawn of war\w40kwa.exe |
"TCP Query User{3A5CCE43-9667-46C2-8599-F9AD9CF37A6C}G:\program files (x86)\advanced tactical center\atc.exe" = protocol=6 | dir=in | app=g:\program files (x86)\advanced tactical center\atc.exe |
"TCP Query User{3E04DA27-82CC-46C8-8047-DCE82E00663E}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{456C2228-2FF6-48D9-A391-36F940646FF2}G:\games 2\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=g:\games 2\need for speed most wanted\nfs13.exe |
"TCP Query User{54A3586B-A6A3-4470-9291-62DA71D826A7}G:\games 2\strike suit infinity\pc\main\binary\ssz.exe" = protocol=6 | dir=in | app=g:\games 2\strike suit infinity\pc\main\binary\ssz.exe |
"TCP Query User{595460AA-C6E9-44B2-9080-0F8E870688D3}G:\games 2\metro last light\metrollbenchmark.exe" = protocol=6 | dir=in | app=g:\games 2\metro last light\metrollbenchmark.exe |
"TCP Query User{5B26DEB5-0656-42D7-8806-19D08017EA5B}G:\games 2\shadowrun returns\shadowrun.exe" = protocol=6 | dir=in | app=g:\games 2\shadowrun returns\shadowrun.exe |
"TCP Query User{5D912555-E53E-41DA-84D2-5732CBC47833}G:\games 2\warhammer 40000 dawn of war ii - chaos rising\dow2.exe" = protocol=6 | dir=in | app=g:\games 2\warhammer 40000 dawn of war ii - chaos rising\dow2.exe |
"TCP Query User{654706F6-B69F-45F2-88FC-394B251C01A3}D:\games\sto\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=d:\games\sto\star trek online\live\gameclient.exe |
"TCP Query User{6A324FB5-2368-4231-BAFC-6BFD9AE23C2B}G:\games 2\dawn of war ii - retribution\dow2.exe" = protocol=6 | dir=in | app=g:\games 2\dawn of war ii - retribution\dow2.exe |
"TCP Query User{6E2FA361-8D49-492E-BB0F-9E5626438CAF}D:\games\tom clancy's h.a.w.x\hawx_dx10.exe" = protocol=6 | dir=in | app=d:\games\tom clancy's h.a.w.x\hawx_dx10.exe |
"TCP Query User{77493CC8-FA03-4501-ADBB-B501E70AA875}G:\games 2\strikesuitzero\pc\main\binary\ssz.exe" = protocol=6 | dir=in | app=g:\games 2\strikesuitzero\pc\main\binary\ssz.exe |
"TCP Query User{7A663D93-358A-452C-8C00-190ECBAAEB31}G:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"TCP Query User{7BAA39BD-9DC8-45C6-9FC8-F530BC60EC08}G:\games 2\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=g:\games 2\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{7CAD4E1F-3787-4800-A304-5EEFE3F867F4}G:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"TCP Query User{7D071FE6-6711-4BD2-9B63-9A5C99198AC4}G:\games 2\dawn of war\w40k.exe" = protocol=6 | dir=in | app=g:\games 2\dawn of war\w40k.exe |
"TCP Query User{7E597618-9C5D-4235-A839-63DC3E0C47B0}G:\games 2\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=g:\games 2\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe |
"TCP Query User{7FCAE425-58D9-4A8B-AC54-71145F35A0BF}C:\users\rsubr_000\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rsubr_000\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{81D456C4-3D9A-4C0D-AC74-469C12AAF586}G:\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
"TCP Query User{92FF156E-D61F-4A3B-A45D-0A73AF43AAF4}G:\games 2\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=6 | dir=in | app=g:\games 2\the witcher 2 enhanced edition\bin\witcher2.exe |
"TCP Query User{93F30477-6F92-4887-A971-DA4D9A61DE4B}G:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{95C2D5F2-87F7-4314-A8C0-E6A30DC77C1F}D:\program files (x86)\bitcomet\bitcomet_x64.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bitcomet\bitcomet_x64.exe |
"TCP Query User{9B8CA31B-98BF-4076-8E87-1456A39C1508}D:\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe" = protocol=6 | dir=in | app=d:\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe |
"TCP Query User{9DF33755-BBE1-43AC-8445-3FB18819F7EA}G:\games 2\star conflict\launcher.exe" = protocol=6 | dir=in | app=g:\games 2\star conflict\launcher.exe |
"TCP Query User{9EF3A8F5-E0F2-4EF2-A555-DA25E2156C60}G:\games 2\mechwarrior 4 vengeance\mw4.exe" = protocol=6 | dir=in | app=g:\games 2\mechwarrior 4 vengeance\mw4.exe |
"TCP Query User{A0D05F90-96B7-4037-8ED2-BC3B24DBF61B}G:\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"TCP Query User{A1646096-EE08-4555-9101-2B05D7DF5C2E}D:\games\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\games\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{A6409809-C57B-441A-B6FB-B9D0BDACECB6}C:\users\rsubr_000\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\rsubr_000\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{A94874F7-EE2A-4795-BACA-63DF46A26F2A}G:\games 2\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=g:\games 2\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{AA3BA765-8A0E-49A0-9F7B-3C1DC81EC9D7}G:\steam\steam.exe" = protocol=6 | dir=in | app=g:\steam\steam.exe |
"TCP Query User{B71E1DA8-980E-45FD-90FC-56DB6A7699EF}G:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{B9A57FBD-A417-44D4-B096-AFDC53928885}D:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\games\tera\tera-launcher.exe |
"TCP Query User{C95A3F60-AF97-49D9-83CE-F587A4B85D9F}G:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{D337DE78-48D4-44C7-BF4E-34C41CC13B01}G:\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dirt 3\dirt3_game.exe |
"TCP Query User{D5AD947B-3806-4030-AB52-F60231E654BB}G:\games 2\crysis wars\bin64\crysis.exe" = protocol=6 | dir=in | app=g:\games 2\crysis wars\bin64\crysis.exe |
"TCP Query User{DAD7FF9B-B16F-4CBB-8223-899364E7B57E}G:\games 2\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=g:\games 2\planetside 2\planetside2.exe |
"TCP Query User{E0621A44-E3FC-4B2F-B882-116A426747FC}G:\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe |
"TCP Query User{EFC8EA00-79CE-4AEE-81D9-54659EA926B5}D:\games\mechwarrior 4 mercs\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=d:\games\mechwarrior 4 mercs\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{F0016781-DEB6-4A8B-8106-4BFFD2A13BAD}G:\games 2\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=g:\games 2\shift 2 unleashed\shift2u.exe |
"TCP Query User{F56F11F2-93B1-46FE-A747-F176D915CD8B}G:\games 2\mechwarrior 4 vengeance\mw4x\mw4x.exe" = protocol=6 | dir=in | app=g:\games 2\mechwarrior 4 vengeance\mw4x\mw4x.exe |
"TCP Query User{FB1E455B-0653-4335-B74D-C67730685C20}G:\games 2\mechcommander2\mc2rel.exe" = protocol=6 | dir=in | app=g:\games 2\mechcommander2\mc2rel.exe |
"TCP Query User{FC0882A9-A25D-4342-8A47-EEE3ABA2CA07}C:\programdata\faforever\bin\forgedalliance.exe" = protocol=6 | dir=in | app=c:\programdata\faforever\bin\forgedalliance.exe |
"UDP Query User{00DCD24A-86E2-4E42-B58C-52A76D461067}G:\games 2\forged alliance forever\faforever.exe" = protocol=17 | dir=in | app=g:\games 2\forged alliance forever\faforever.exe |
"UDP Query User{16E90C9D-CB27-42DD-8BA9-2866789C6235}G:\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"UDP Query User{199F52A1-5D2E-41B2-B315-D75F93F2E27E}G:\games 2\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=g:\games 2\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{1C774B0A-0CED-481D-9881-6717299EB07B}G:\games 2\warhammer 40000 dawn of war ii - chaos rising\dow2.exe" = protocol=17 | dir=in | app=g:\games 2\warhammer 40000 dawn of war ii - chaos rising\dow2.exe |
"UDP Query User{2BB2F65C-8ADD-470D-968A-1E49BD4ADFA0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{3524487C-F51E-45DA-9619-9952E1B3C0CB}G:\games 2\strikesuitzero\pc\main\binary\ssz.exe" = protocol=17 | dir=in | app=g:\games 2\strikesuitzero\pc\main\binary\ssz.exe |
"UDP Query User{37F0BE78-6EA6-48AB-A676-83A367050A8A}G:\program files (x86)\advanced tactical center\atc.exe" = protocol=17 | dir=in | app=g:\program files (x86)\advanced tactical center\atc.exe |
"UDP Query User{38608DEF-47B4-4481-BCA6-A0BB544B1464}D:\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe" = protocol=17 | dir=in | app=d:\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe |
"UDP Query User{3E53D657-4B3F-4F7F-BF63-D7FE54EDEF2B}G:\games 2\mechwarrior 4 vengeance\mw4x\mw4x.exe" = protocol=17 | dir=in | app=g:\games 2\mechwarrior 4 vengeance\mw4x\mw4x.exe |
"UDP Query User{442B1B5E-43E6-4AC7-A6E2-88BD2E8A5625}G:\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dirt 3\dirt3_game.exe |
"UDP Query User{45E5B808-984A-4753-B0AA-EF12989B3687}G:\games 2\resident evil 6\bh6.exe" = protocol=17 | dir=in | app=g:\games 2\resident evil 6\bh6.exe |
"UDP Query User{487D5DFF-A66B-4432-A7C0-BA940E18733E}G:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"UDP Query User{526373FF-AF16-4F3B-9E84-715D07697DEB}G:\games 2\mechcommander2\mc2rel.exe" = protocol=17 | dir=in | app=g:\games 2\mechcommander2\mc2rel.exe |
"UDP Query User{5A326DD5-8E34-43EF-A2E9-4A570FA49706}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{5A6247CA-2B26-4EA3-94F1-E72C7BAB6FFC}G:\games 2\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=g:\games 2\planetside 2\planetside2.exe |
"UDP Query User{5E5F086E-C722-488B-844F-D1EA9E5CF47F}D:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\games\tera\tera-launcher.exe |
"UDP Query User{6869A668-4025-4333-AA7F-7B2057C8FB06}G:\steam\steam.exe" = protocol=17 | dir=in | app=g:\steam\steam.exe |
"UDP Query User{6C083631-4A68-46A7-9C36-4C06489F1C92}G:\games 2\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=g:\games 2\dawn of war\w40kwa.exe |
"UDP Query User{6CAA94D7-3F57-43E4-AF87-F4BD7E98D699}G:\games 2\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=g:\games 2\need for speed most wanted\nfs13.exe |
"UDP Query User{7114C8E2-2CEA-46BC-929F-AE498E53919D}G:\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
"UDP Query User{772F1E76-A027-4A1D-8A03-F0C3B24DF92E}G:\games 2\strike suit infinity\pc\main\binary\ssz.exe" = protocol=17 | dir=in | app=g:\games 2\strike suit infinity\pc\main\binary\ssz.exe |
"UDP Query User{876D7828-AECA-4A11-9F27-B3C89B7E44E4}G:\games 2\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=g:\games 2\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{88E78771-7189-4EDB-B14D-E1F477B9AD6F}G:\games 2\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=g:\games 2\shift 2 unleashed\shift2u.exe |
"UDP Query User{89FFF579-D9B1-4AB0-AB0C-F00EC2B3D2C9}G:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"UDP Query User{94B42D85-7874-4EBC-8F29-C49A88E778E3}G:\games 2\dawn of war\w40k.exe" = protocol=17 | dir=in | app=g:\games 2\dawn of war\w40k.exe |
"UDP Query User{9CE84182-AD4C-4387-AEF8-840624ED0E89}D:\games\mechwarrior 4 mercs\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=d:\games\mechwarrior 4 mercs\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{A2C39D3A-2706-46E5-91BF-40468AEE9F90}D:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe" = protocol=17 | dir=in | app=d:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"UDP Query User{A9C03C99-C460-499B-9B15-75AE650632F9}C:\users\rsubr_000\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rsubr_000\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{AE908646-86A8-43F8-99A6-819A8E498117}G:\games 2\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=g:\games 2\crysis 2\bin32\crysis2.exe |
"UDP Query User{AF359CF1-3C00-4A69-B438-F30F168A38FA}G:\games 2\metro last light\metrollbenchmark.exe" = protocol=17 | dir=in | app=g:\games 2\metro last light\metrollbenchmark.exe |
"UDP Query User{B562C9A7-1875-415A-876E-780752C3802E}G:\games 2\dawn of war ii - retribution\dow2.exe" = protocol=17 | dir=in | app=g:\games 2\dawn of war ii - retribution\dow2.exe |
"UDP Query User{B83DAFF9-A274-4FC6-B045-80FF5FCEEB34}G:\games 2\crysis wars\bin64\crysis.exe" = protocol=17 | dir=in | app=g:\games 2\crysis wars\bin64\crysis.exe |
"UDP Query User{C6C81C59-D4F5-4C5E-83C3-CD6B898FADBB}D:\games\tom clancy's h.a.w.x\hawx_dx10.exe" = protocol=17 | dir=in | app=d:\games\tom clancy's h.a.w.x\hawx_dx10.exe |
"UDP Query User{CC0D8106-0186-4662-8924-6FDDDD1D62EF}D:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bitcomet\bitcomet.exe |
"UDP Query User{CCD210E7-CA83-433C-A9B7-66B08E007DFE}G:\games 2\shadowrun returns\shadowrun.exe" = protocol=17 | dir=in | app=g:\games 2\shadowrun returns\shadowrun.exe |
"UDP Query User{CE82B824-053C-4F4E-B447-005A794CDD62}G:\games 2\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=g:\games 2\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{CF537C4C-7774-41DF-BF0F-2255AEDBBAFA}G:\games 2\mechwarrior 4 vengeance\mw4.exe" = protocol=17 | dir=in | app=g:\games 2\mechwarrior 4 vengeance\mw4.exe |
"UDP Query User{D3464BA6-3F67-4607-B421-F7FC68DAECD2}G:\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe |
"UDP Query User{DC3C20A6-6B4A-4BFD-8C16-5D41914FB02A}G:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{E25AF6B2-B109-4427-9803-E6F8163877F6}G:\games 2\warlords battlecry iii\battlecry iii.exe" = protocol=17 | dir=in | app=g:\games 2\warlords battlecry iii\battlecry iii.exe |
"UDP Query User{E5616DF5-1BF3-45CB-997B-965D1DC7F16A}D:\program files (x86)\bitcomet\bitcomet_x64.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bitcomet\bitcomet_x64.exe |
"UDP Query User{E60F3B6B-D727-4622-8EE5-9AB2CC08071E}C:\programdata\faforever\bin\forgedalliance.exe" = protocol=17 | dir=in | app=c:\programdata\faforever\bin\forgedalliance.exe |
"UDP Query User{E8AB52EA-3BA2-4CEE-B8AC-29F173B622B3}G:\games 2\star conflict\launcher.exe" = protocol=17 | dir=in | app=g:\games 2\star conflict\launcher.exe |
"UDP Query User{EACAF9C1-3573-4EB7-82D0-2090EC289B76}G:\games 2\xcom enemy unknown\binaries\win32\xcomgame.exe" = protocol=17 | dir=in | app=g:\games 2\xcom enemy unknown\binaries\win32\xcomgame.exe |
"UDP Query User{ED2F89F6-A509-4681-AC20-37E9BBF26ACB}D:\games\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\games\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{F03BA8AB-AE94-44AB-9026-F79290CBFEA9}G:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{F5C2D2C5-1B04-4400-9A14-3885F7A9F34F}G:\games 2\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=17 | dir=in | app=g:\games 2\the witcher 2 enhanced edition\bin\witcher2.exe |
"UDP Query User{F7553BE5-7ACA-4BAC-9000-CA130D56CF8F}C:\users\rsubr_000\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\rsubr_000\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{F903754A-3D3F-41BB-9B6A-6972802B4A64}D:\games\sto\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=d:\games\sto\star trek online\live\gameclient.exe |
"UDP Query User{FA5ADBFE-F602-4D23-9DF6-9476B8621E05}G:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{FB793B71-2AD5-4F37-8BDE-87919F521F99}G:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0d78370e-4086-4292-a82e-f920135dcee4}.sdb" = SCHTHACK PSOBB Compatibility Database
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series" = Canon MX450 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2A91ED4C-888B-4681-90E0-65E8253D0589}" = AMD Accelerated Video Transcoding
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.3 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{853A112F-241F-E344-4636-103C25D3751E}" = AMD Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E2F2429-8A64-C1E6-9954-B9CD0E6E5B94}" = ccc-utility64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67
"GIMP-2_is1" = GIMP 2.8.10
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E085F7-9C7D-ED44-E274-79F1B94B0213}" = AMD Catalyst Control Center
"{03594E81-55C6-4036-BB32-6FB27BC7A497}_is1" = Sid Meier's Civilization V - Game of the Year Edition
"{065C1886-2327-C8C4-9FB9-52F1D1EF4F0C}" = CCC Help Czech
"{0BC95CC8-CFE7-4C60-9DBF-258443C3C6C6}_is1" = Resident Evil 6 version 5.1
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0EDF5677-90CC-48ED-AE4A-E3215DBBAFB3}" = Dark Tides
"{148971EC-8755-A666-D384-8F2E9E8B0DC8}" = Application Profiles
"{16F61451-D105-9900-7143-F079A8EB4B87}" = CCC Help Italian
"{16FE6596-ACEE-4D39-96E2-44DA467C67D5}" = CCC Help Turkish
"{18C94B21-9C7B-11D0-933A-00608CEA7318}_is1" = 1.0.2
"{18C94B21-9C7B-11D0-933A-00608CEA8323}_is1" = ULTIMATE MOD 4
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BF33F24-C325-A2AF-FAAC-146425E842E6}" = CCC Help Chinese Standard
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{21eeea86-7336-41fd-8850-69ef7a4a2c25}" = MWO Public Test
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.2
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}" = FINAL FANTASY XIV - A Realm Reborn
"{2B5B65DD-3A5A-4534-2CF3-7093F840C029}" = CCC Help Chinese Traditional
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{3E5E50B8-DCE3-81F1-2845-E629967806A4}" = CCC Help Danish
"{3F1BE173-985E-2D22-D05D-57501B6BE15D}" = CCC Help Polish
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{4269B3FC-BAC3-1003-7017-124E46A34215}" = CCC Help Swedish
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.6.0
"{46CDDE4F-31B2-47D1-8245-932679506882}_is1" = Lost Planet 2
"{476CD9DE-C45F-4443-BFA7-E51C58B7E455}" = Populous
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5A6AE3A7-F009-EACA-9CD9-FECFA7A5D006}" = CCC Help Portuguese
"{5C932318-C615-42AC-95A1-F7342CBDAD8F}" = MWO Public Test
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{6AD0A631-7175-7D03-0F9C-5177FADF662E}" = CCC Help Norwegian
"{701CFF59-993C-FB5C-07FD-FD35956F45C0}" = CCC Help Greek
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{72067FCF-7FC0-287C-D1D5-B8282D3F5786}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75DC325B-DF18-51B5-ABDF-017B7398192B}" = CCC Help Korean
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8446E834-4E29-2030-FCC5-9E698053C3A9}" = CCC Help Hungarian
"{8A54160B-1214-2527-9F43-0F2472B0EAAC}" = CCC Help Japanese
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1B17E3-3A7F-915D-1381-F01152245E48}" = CCC Help French
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed ® III
"{9E84474A-52BA-869A-A5A2-2468D8458C25}" = CCC Help Finnish
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B3607DA3-FAD2-512D-BB64-96DC56DD572B}" = CCC Help Russian
"{B7A1F6F7-23F2-E77B-76B7-F6BAF1FB7C9E}" = CCC Help Spanish
"{B91BFA75-E073-4FDC-A6C2-5FF1831DECD3}_is1" = Mechwarior Living Legends 0.7.1 plus Crysis Wars Trial 1.5 version 1.1
"{BB377379-D9C0-C2A4-E7D3-CCC17732DCB4}" = Catalyst Control Center InstallProxy
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C02138E3-6E9A-4D3B-8E1B-6840A8D7C279}" = Forged Alliance Forever
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E03FC0BC-D07E-F2F3-CF09-7095730FB394}" = Catalyst Control Center Localization All
"{E0955568-4353-4C85-8988-285A8C0F5E87}" = Mumble 1.2.4
"{E2AA4269-75C6-3B94-4F71-B38F80F74054}" = Catalyst Control Center Graphics Previews Common
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EC33FEB3-8439-5CC9-51C2-3F881D405F54}" = CCC Help Dutch
"{F00C56DC-3121-42BC-A4CB-9233D2265EB5}_is1" = Fleet Operations version 3.2.7
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E91560-5990-939E-56BE-C4DEF1D3944C}" = CCC Help English
"{F6F15368-A80D-3741-EBD7-0474649CAEF7}" = CCC Help Thai
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 2.6.0b
"ACE COMBAT ASSAULT HORIZON Enhanced Edition_is1" = ACE COMBAT ASSAULT HORIZON Enhanced Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"ATC_is1" = Advanced Tactical Center™ 1.12
"Baldur's Gate - Enhanced Edition_is1" = Baldur's Gate - Enhanced Edition
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Batman.Arkham Origins + 1 DLC_is1" = Batman.Arkham Origins + 1 DLC
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A1" = BattlEye Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BioShock Infinite_is1" = BioShock Infinite
"Birth of the Federation" = Birth of the Federation
"BitComet" = BitComet 1.35
"Blackboard IM" = Blackboard IM 4.1.0-C
"BloodRayne 1_is1" = BloodRayne 1
"BloodRayne 2_is1" = BloodRayne 2
"BOSS" = BOSS
"Bridge Commander" = Star Trek Bridge Commander
"CDisplayEx_is1" = CDisplayEx 1.8
"Dark Souls II_is1" = Dark Souls II
"Darksiders 2_is1" = Darksiders 2, âåðñèÿ 1.01
"Dead Space 3_R.G. Mechanics_is1" = Dead Space 3
"Deadpool_is1" = Deadpool
"Deus Ex Human Revolution - The Missing Link_is1" = Deus Ex Human Revolution - The Missing Link
"Dishonored_is1" = Dishonored
"DivX Codec" = DivX Codec
"DMC Devi May Cry © Capcom_is1" = DMC Devi May Cry © Capcom version 1
"Endless Space - Disharmony_is1" = Endless Space - Disharmony
"Endless.Space_is1" = Endless.Space
"ESN Sonar-0.70.4" = ESN Sonar
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"GOGPACKFALLOUT2_is1" = Fallout 2
"GOGPACKHOAE_is1" = Heroes of Annihilated Empires
"GOGPACKIL2_is1" = IL-2 Sturmovik 1946
"Google Chrome" = Google Chrome
"Homeworld2" = Homeworld2
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"Jagged Alliance 2 English_is1" = Jagged Alliance 2
"Jagged Alliance Collectors Bundle_is1" = Jagged Alliance Collectors Bundle
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"Kobayashi Maru PIMPED" = Kobayashi Maru PIMPED
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MechCommander2 1.0" = Microsoft MechCommander 2
"MechWarrior 3" = MechWarrior 3
"MechWarrior Black Knight" = MechWarrior Black Knight
"MechWarrior Clan Pak" = Clan 'Mech Pak
"MechWarrior IS Pak" = Inner Sphere 'Mech Pak
"MechWarrior Vengeance" = MechWarrior Vengeance
"Media Player Classic" = Media Player Classic fr
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
"NewWrlds" = NewWrlds
"Notepad++" = Notepad++
"OCCT" = OCCT 4.4.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SCHTHACK PSOBB" = SCHTHACK PSOBB
"Scribblenauts Unmasked A DC Comics Adventure_is1" = Scribblenauts Unmasked A DC Comics Adventure
"Shadowrun Returns_is1" = Shadowrun Returns
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SpeedFan" = SpeedFan (remove only)
"Star Trek Armada II" = Star Trek Armada II
"Star Trek Starfleet Command III" = Star Trek Starfleet Command III
"Star Wars The Force Unleashed" = Star Wars The Force Unleashed
"StarConflictLauncher_is1" = Star Conflict Launcher 1.0.1.17
"StarDrive_is1" = StarDrive
"Steam App 102600" = Orcs Must Die!
"Steam App 104320" = Red Orchestra 2: Heroes of Stalingrad Beta
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 108110" = Starpoint Gemini
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 110800" = L.A. Noire
"Steam App 111900" = Guardians of Middle-earth
"Steam App 11450" = Overlord
"Steam App 1250" = Killing Floor
"Steam App 12710" = Overlord: Raising Hell
"Steam App 12770" = Rise of the Argonauts
"Steam App 12810" = Overlord II
"Steam App 12830" = Operation Flashpoint: Dragon Rising
"Steam App 15560" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 16810" = Sid Meier's Civilization IV: Colonization
"Steam App 17410" = Mirror's Edge
"Steam App 17470" = Dead Space
"Steam App 200260" = Batman: Arkham City GOTY
"Steam App 200940" = Sonic CD
"Steam App 201420" = Toki Tori 2+
"Steam App 201700" = DiRT Showdown
"Steam App 201790" = Orcs Must Die! 2
"Steam App 202200" = Galactic Civilizations II: Ultimate Edition
"Steam App 203160" = Tomb Raider
"Steam App 203750" = Binary Domain
"Steam App 204100" = Max Payne 3
"Steam App 204300" = Awesomenauts
"Steam App 204880" = Sins of a Solar Empire: Rebellion
"Steam App 205230" = Hell Yeah!
"Steam App 205350" = Mortal Kombat Kollection
"Steam App 205810" = Jagged Alliance: Crossfire
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 206440" = To the Moon
"Steam App 207650" = A Virus Named TOM
"Steam App 207790" = Jane's Advanced Strike Fighters
"Steam App 208140" = Endless Space
"Steam App 208200" = DOOM 3: BFG Edition
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 209270" = Hero Academy
"Steam App 209540" = Strike Suit Zero
"Steam App 210770" = Sanctum 2
"Steam App 21090" = F.E.A.R.
"Steam App 21100" = F.E.A.R. 3
"Steam App 21110" = F.E.A.R.: Extraction Point
"Steam App 21120" = F.E.A.R.: Perseus Mandate
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 211820" = Starbound
"Steam App 212010" = Galaxy on Fire 2™ Full HD
"Steam App 212480" = Sonic & All-Stars Racing Transformed
"Steam App 212680" = FTL: Faster Than Light
"Steam App 214150" = Galactic Civilizations I: Ultimate Edition
"Steam App 214550" = Eets Munchies
"Steam App 214560" = Mark of the Ninja
"Steam App 214770" = Guacamelee! Gold Edition
"Steam App 214870" = Painkiller Hell & Damnation
"Steam App 214910" = Air Conflicts: Pacific Carriers
"Steam App 215510" = Rocketbirds: Hardboiled Chicken
"Steam App 215690" = Zeno Clash 2
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 218680" = Scribblenauts Unlimited
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 219780" = Divinity 2: Developer's Cut
"Steam App 219890" = Antichamber
"Steam App 220660" = StarDrive
"Steam App 220900" = Jack Lumber
"Steam App 221260" = Little Inferno
"Steam App 221640" = Super Hexagon
"Steam App 22200" = Zeno Clash
"Steam App 22230" = Rock of Ages
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 22380" = Fallout: New Vegas
"Steam App 223810" = Ys I
"Steam App 223870" = Ys II
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 224760" = FEZ
"Steam App 224780" = Rising Storm Beta
"Steam App 224860" = Arma Tactics
"Steam App 225260" = Brütal Legend
"Steam App 225420" = Cities in Motion 2
"Steam App 227080" = Papo & Yo
"Steam App 227680" = StarForge Alpha
"Steam App 228200" = Company of Heroes (New Steam Version)
"Steam App 230170" = Divinity: Dragon Commander Beta
"Steam App 230410" = Warframe
"Steam App 231160" = The Swapper
"Steam App 231720" = Bad Hotel
"Steam App 232970" = Thunder Wolves
"Steam App 233720" = Surgeon Simulator 2013
"Steam App 236090" = Dust: An Elysian Tail
"Steam App 236150" = Starpoint Gemini 2
"Steam App 236370" = Interstellar Marines
"Steam App 236730" = Anomaly 2
"Steam App 237430" = Expeditions: Conquistador
"Steam App 237950" = UFO: Afterlight
"Steam App 238210" = System Shock 2
"Steam App 238960" = Path of Exile
"Steam App 241600" = Rogue Legacy
"Steam App 242110" = Joe Danger 2: The Movie
"Steam App 243950" = Divinity: Dragon Commander
"Steam App 244070" = Sid Meier's Ace Patrol
"Steam App 244090" = Sid Meier’s Ace Patrol: Pacific Skies
"Steam App 244850" = Space Engineers
"Steam App 244870" = Electronic Super Joy
"Steam App 246580" = The Typing of The Dead: Overkill
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 24800" = Command and Conquer: Red Alert 3 - Uprising
"Steam App 248820" = Risk of Rain
"Steam App 2590" = Alpha Prime
"Steam App 271290" = HAWKEN
"Steam App 288370" = Strike Suit Zero: Director's Cut
"Steam App 289130" = Endless Legend
"Steam App 32800" = The Lord of the Rings: War in the North
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 34010" = Alpha Protocol
"Steam App 34270" = SEGA Genesis & Mega Drive Classics
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 35450" = Rising Storm/Red Orchestra 2 Multiplayer
"Steam App 35460" = The Ball
"Steam App 35480" = Dwarfs!?
"Steam App 35720" = Trine 2
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 3910" = Sid Meier's Civilization III: Complete
"Steam App 39650" = The Guild II
"Steam App 39690" = ArcaniA – Gothic 4
"Steam App 3990" = Sid Meier's Civilization IV: Warlords
"Steam App 4000" = Garry's Mod
"Steam App 40100" = Supreme Commander 2
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 41900" = The Bard's Tale
"Steam App 42670" = Singularity
"Steam App 42910" = Magicka
"Steam App 44320" = DiRT 3
"Steam App 44340" = Operation Flashpoint: Red River
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War
"Steam App 47790" = Medal of Honor™ Single Player
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 47830" = Medal of Honor™ Multiplayer
"Steam App 48000" = LIMBO
"Steam App 48220" = Might & Magic: Heroes VI
"Steam App 4920" = Natural Selection 2
"Steam App 49520" = Borderlands 2
"Steam App 50650" = Darksiders II
"Steam App 550" = Left 4 Dead 2
"Steam App 55110" = Red Faction: Armageddon
"Steam App 63000" = HOARD
"Steam App 65530" = SpellForce 2 - Faith in Destiny
"Steam App 65730" = Take On Helicopters
"Steam App 65740" = Carrier Command: Gaea Mission
"Steam App 65780" = Arma: Gold Edition
"Steam App 72200" = Universe Sandbox
"Steam App 7520" = Two Worlds II
"Steam App 7600" = Sid Meier's Railroads!
"Steam App 80310" = Gemini Rue
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91600" = Sanctum
"Steam App 9350" = Supreme Commander
"Steam App 9420" = Supreme Commander: Forged Alliance
"Steam App 97000" = Solar 2
"Steam App 98400" = Hard Reset
"Steam App 99300" = Renegade Ops
"Strike Suit Infinity_is1" = Strike Suit Infinity version 1.00
"Strike Suit Zero_is1" = Strike Suit Zero
"SW5qdXN0aWNlR29kc0Ftb25nVXNVbHRpbWF0ZUVkaXRpb24=_is1" = Injustice: Gods Among Us Ultimate Edition
"The Elder Scrolls V Skyrim Dragonborn © Bethes~300CD4A2_is1" = The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1
"The Witcher 2 - Assassins of Kings Enhanced Edition_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition
"Torchlight II © Runic Games_is1" = Torchlight II © Runic Games version 1
"TWV0cm9MYXN0TGlnaHQ=_is1" = Metro: Last Light © Deep Silver version 1
"U291dGhwYXJrU3RpY2tvZlRydXRo_is1" = Southpark Stick of Truth
"U2hhZG93cnVuUmV0dXJucw==_is1" = Shadowrun Returns
"UltraISO_is1" = UltraISO Premium V9.53
"Uplay" = Uplay
"V2FyZ2FtZUFpckxhbmRCYXR0bGU=_is1" = Wargame AirLand Battle © Focus Home Interactive version RLD!
"VLC media player" = VLC media player 2.1.2
"Warhammer 40000 Dawn of War II - Retribution_is1" = Warhammer 40000 Dawn of War II - Retribution
"Warlords Battlecry 3_is1" = Warlords Battlecry 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"X-Universe Plugin Manager_is1" = X-Universe Plugin Manager 1.47
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3661820659-3223829330-804332484-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
"Dropbox" = Dropbox
"GameRanger" = GameRanger
"Hawken" = Hawken
"SkyDriveSetup.exe" = Microsoft SkyDrive
"SOE-C:/Users/rsubr_000/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-D:/Games/PlanetSide 2 Beta" = gamelauncher-code4344-beta
"SOE-G:/Games 2/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
"YS6_WIN" = YsVI
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/1/2014 11:10:02 AM | Computer Name = Ravi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WG111v2.exe, version: 1.0.0.185, time stamp:
 0x46e8f63a  Faulting module name: ntdll.dll, version: 6.3.9600.16502, time stamp:
 0x52c35a76  Exception code: 0xc00000fd  Fault offset: 0x000408e6  Faulting process id:
 0x13e8  Faulting application start time: 0x01cf654f6a58da2a  Faulting application path:
 G:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe  Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report
 Id: ab10ca61-d142-11e3-bee1-6cf049ecf5c9  Faulting package full name:   Faulting package-relative
 application ID:
 
Error - 5/1/2014 1:48:55 PM | Computer Name = Ravi-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
 
< End of report >
 



#4 rns11

rns11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 01 May 2014 - 01:21 PM

Edit: Never mind, apparently it did post all of it correctly.


Edited by rns11, 01 May 2014 - 01:23 PM.


#5 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:35 PM

Posted 01 May 2014 - 04:44 PM

Hi,

 

Edit: Never mind, apparently it did post all of it correctly.

 

Yes you did.

 

Let's see if we can fix the problem...

 

Step 1 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...
 

  • Right click on the icon OTL.gif and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the CustomScanBox.png box at the bottom, paste in the following (excluding the Quote line):

    :Commands
    [CreateRestorePoint]

    :OTL

    :reg
    [HKEY_USERS\S-1-5-21-3661820659-3223829330-804332484-1001\Software\Microsoft\Windows\CurrentVersion\Run]
    "CMD"=-

    :Commands
    [EmptyTemp]
    [Reboot]

  • click the RunFixButton.png button at the top. Let the program run uninterrupted.
  • click OK

Notes:

  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.

 

Step 2 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
ESET_Scan.png

  • UNCHECK the box's Remove found threats and Scan Archives.
  • Click on Advanced Settings, an check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speedup the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient this make take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications


Step 3 - AdwCleaner

I notice on the log that you run AdwCleaner did you use it to scan and clean? If so I would like to see the log generated by the tool.

Please open the folder C:\AdwCleaner, locate the file AdwCleaner[S0].txt or AdwCleaner[R0].txt and Copy & Paste it contents to your topic.
 

 

Things I would like to see in your next reply:

  • The OTL Fix log
  • The ESET log
  • AdwCleaner log
  • Let me know if the auto open of the browser window is gone after reboot

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#6 rns11

rns11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 01 May 2014 - 05:11 PM

Here goes:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-3661820659-3223829330-804332484-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: Public
 
User: rsubr_000
->Temp folder emptied: 2785014018 bytes
->Temporary Internet Files folder emptied: 45831595 bytes
->Java cache emptied: 331801 bytes
->FireFox cache emptied: 162704226 bytes
->Google Chrome cache emptied: 11001380 bytes
->Flash cache emptied: 1686 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15385022 bytes
RecycleBin emptied: 11684981 bytes
 
Total Files Cleaned = 2,892.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05012014_165731

Files\Folders moved on Reboot...
C:\Users\rsubr_000\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=78be72bd483f054ba3e3d7ef61581969
# engine=18105
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-01 10:08:30
# local_time=2014-05-01 05:08:30 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776573 100 94 0 15376807 0 0
# scanned=31
# found=0
# cleaned=0
# scan_time=0
 

# AdwCleaner v3.205 - Report created 01/05/2014 at 10:07:46
# Updated 28/04/2014 by Xplode
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)
# Username : rsubr_000 - RAVI-PC
# Running from : D:\Users\Ravi\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\rsubr_000\AppData\Roaming\Mozilla\Firefox\Profiles\kilp2ir6.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\rsubr_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [767 octets] - [01/05/2014 10:07:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [826 octets] ##########
 

# AdwCleaner v3.205 - Report created 01/05/2014 at 10:08:22
# Updated 28/04/2014 by Xplode
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)
# Username : rsubr_000 - RAVI-PC
# Running from : D:\Users\Ravi\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\rsubr_000\AppData\Roaming\Mozilla\Firefox\Profiles\kilp2ir6.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\rsubr_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [905 octets] - [01/05/2014 10:07:46]
AdwCleaner[S0].txt - [827 octets] - [01/05/2014 10:08:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [886 octets] ##########
 


It no longer appears to be opening that tab on startup. Wonderful! Thank you!



#7 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:35 PM

Posted 02 May 2014 - 08:59 AM

It no longer appears to be opening that tab on startup. Wonderful! Thank you!

 

Good. The AdwCleaner and ESET log's are clean, let's check if something need to be updated...

 

 

Security Check

Download Security Check by screen317 and save it to the Desktop.

  • Double click the icon SecurityCheckIcon2.png to execute the program. If you run Windows Vista or higher, right click the icon and choose Run as Administrator.
    SecurityCheck.png
  • Follow the onscreen instructions inside of the black box.
  • If your Security Software alerts you because of Security Check, please press Allow or similar.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.

 

Things I would like to see in your next reply:

  • The checkup.txt log

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#8 rns11

rns11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 03 May 2014 - 08:20 AM

Here goes:

 

 Results of screen317's Security Check version 0.99.82  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 55  
 Adobe Flash Player     13.0.0.206  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (28.0)
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````



#9 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:08:35 PM

Posted 03 May 2014 - 04:33 PM

Hi,

 

From the Security Check log there are some critical programs that you need to update:

» Update Adobe Reader
The Adobe Reader you have is outdated! and vulnerable to security exploits. The version presently installed it's very old, you need to uninstall Adobe Reader 9 by using the Control Panel > Uninstall a program (or Programs and Features if in Classic View). Next download and install the most recent version by visiting the Adobe Reader page, make sure you uncheck the box offering any extra programs like the McAfee Security Scan Plus.

 

» Install Antivirus

I notice that your computer doesn't have an Antivirus software installed! To protect the computer from been reinfected you must install an Antivirus program ASAP.

If you need a free option we recommend Avast Antivirus Free it provides a good protection level. Avast is free but you need to register by providing a valid e-mail address to activate the program, and repeat this process every year and carefully choose the free version every time the program ask you if you want the "pro" version.

 

 

Let me know if you have any problem doing the tasks above.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users