Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
Posted: Sun Dec 25, 2011 5:56 am Post subject: google-search links redirect to wrong page
Hi,
I'm a professional computer scientist (software architect) but would appreciate some help to speed up cleaning my brother's PC from some left over malware infection, since I'm not too familiar with the details of trojans/malwares.
The situation is that ever since I manually tried to disinfect my brother's computer from some malware and trojan (rootkit) infection he's having the problem that search links on www.google.de/.com are redirected to some other weird pages.
Find attached the logs generated using DDS from his machine:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Michael at 14:46:55 on 2011-12-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.554 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = local;*.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [ScreenManager Pro for LCD] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [C:\Program Files (x86)\Free Video Zilla\FVZilla.exe]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9E816D11-4E0D-46C5-B8E1-EE3EABC8F384} : DhcpNameServer = 192.168.2.1
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2B9F5787-88A5-4945-90E7-C4B18563BC5E}
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
{53707962-6F74-2D53-2644-206D7942484F}
{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
mRun-x64: [ScreenManager Pro for LCD] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [C:\Program Files (x86)\Free Video Zilla\FVZilla.exe]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 86.127.71.45 L2authd.lineage2.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-23 2253120]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-6-20 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MatSvc;Microsoft Fix it Supportcenter;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-3-10 155344]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-20 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-25 13:15:14 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3F32924-B46D-4A6B-94C1-42DE4C2A35B6}\offreg.dll
2011-12-25 11:25:18 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3F32924-B46D-4A6B-94C1-42DE4C2A35B6}\mpengine.dll
2011-12-25 11:19:23 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-25 11:19:23 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-25 11:19:23 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-25 11:19:23 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-22 20:29:33 -------- d-----w- C:\Users\Michael\AppData\Local\SWTOR
2011-12-22 19:20:07 -------- d-----w- C:\Program Files (x86)\SWtor
2011-12-19 20:36:09 8876032 ----a-w- C:\Windows\SysWow64\FocusMag.dll
2011-12-19 20:36:08 -------- d-----w- C:\Program Files (x86)\Focus Magic
2011-12-15 18:15:17 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 18:15:16 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 18:15:11 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-15 18:15:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 18:14:19 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 18:14:16 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 18:14:14 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-12-15 18:14:14 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-12-15 00:46:42 222904 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-30 18:32:11 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-30 18:32:11 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-30 16:51:25 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-10-22 22:49:19 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2011-10-22 22:49:16 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-10-22 22:49:16 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2011-10-22 22:49:16 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-10-22 22:49:16 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2011-10-22 22:49:14 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
2011-10-22 22:49:13 367104 ----a-w- C:\Windows\SysWow64\html.iec
2011-10-22 22:49:11 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-10-22 22:49:10 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-10-22 22:49:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-10-22 22:49:09 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
2011-10-22 22:49:09 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2011-10-22 22:41:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-22 21:54:04 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-10-14 23:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-10-03 03:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:55:18,34 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 25.03.2009 10:03:58
System Uptime: 25.12.2011 14:14:51 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP31-DS3L
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 257,227 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP744: 23.11.2011 21:53:30 - Windows Update
RP745: 24.11.2011 18:06:29 - Geplanter Prüfpunkt
RP746: 25.11.2011 14:59:54 - Windows Update
RP747: 27.11.2011 11:55:02 - Windows Update
RP748: 28.11.2011 15:08:21 - Windows Update
RP749: 30.11.2011 18:41:29 - Windows Update
RP750: 01.12.2011 21:11:24 - Windows Update
RP751: 03.12.2011 12:07:43 - Windows Update
RP752: 04.12.2011 15:08:05 - Windows Update
RP753: 05.12.2011 21:29:20 - Windows Update
RP754: 07.12.2011 17:38:42 - Windows Update
RP755: 08.12.2011 18:47:30 - Geplanter Prüfpunkt
RP756: 09.12.2011 17:45:07 - Windows Update
RP757: 10.12.2011 16:26:31 - Geplanter Prüfpunkt
RP758: 10.12.2011 20:49:31 - Windows Update
RP759: 12.12.2011 10:45:16 - Windows Update
RP760: 13.12.2011 11:40:08 - Windows Update
RP761: 14.12.2011 15:43:24 - Windows Update
RP762: 15.12.2011 19:14:35 - Windows Update
RP763: 15.12.2011 23:43:52 - Windows Update
RP764: 17.12.2011 01:16:29 - Geplanter Prüfpunkt
RP765: 17.12.2011 12:07:53 - Windows Update
RP766: 18.12.2011 12:56:40 - Windows Update
RP767: 19.12.2011 14:28:31 - Windows Update
RP768: 19.12.2011 21:14:16 - Sony Ericsson PC Suite Drivers
RP769: 19.12.2011 21:17:08 - Uninstalled Sony Ericsson Drivers
RP770: 19.12.2011 21:17:21 - Installed Sony Ericsson Drivers
RP771: 21.12.2011 12:14:11 - Windows Update
RP772: 22.12.2011 15:09:17 - Windows Update
RP773: 23.12.2011 17:14:30 - Geplanter Prüfpunkt
RP774: 23.12.2011 21:26:43 - Windows Update
RP775: 24.12.2011 15:29:15 - Geplanter Prüfpunkt
RP776: 25.12.2011 12:24:21 - Windows Update
RP777: 25.12.2011 12:43:43 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1) - Deutsch
Apple Application Support
Apple Software Update
Battlefield Play4Free
Bloodline Champions
capella 2002, Version 4.0
Cross Fire En
Focus Magic 3.02
Fraps (remove only)
Free Audio CD Burner version 1.4.7
Free Studio version 4.6
Free Video to Mp3 Converter version 3.1
Free YouTube to MP3 Converter version 3.10.4.721
Garena
Google Chrome
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
KeyScrambler
League of Legends
LibreOffice 3.3
Logitech SetPoint
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007-Testversion
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 9.0.1 (x86 de)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mythos
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Opera 11.50
PokerStars.net
PunkBuster Services
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Rise of Immortals
Runes of Magic
ScreenManager Pro for LCD
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype™ 5.5
Sony Ericsson PC Companion 2.02.002
Sony Ericsson Update Engine
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
StarCraft II
Steam
System Requirements Lab
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Veetle TV 0.9.17
VLC media player 1.1.11
vShare.tv plugin 1.3
Warcraft III
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-Bit)
World of Warcraft
.
==== End Of File ===========================
Any help/advice is heavily appreciated.
Regards,
Stefan
Gary R Moderator

Joined: 03 May 2005 Last Visit: 17 May 2013 Posts: 9695 Location: Yorkshire
Posted: Sun Dec 25, 2011 11:23 pm
Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R Moderator

Joined: 03 May 2005 Last Visit: 17 May 2013 Posts: 9695 Location: Yorkshire
Posted: Sun Dec 25, 2011 11:29 pm
Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.
Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.
Hi Luke1410
I'm Gary R,
Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
I'd also recommend that you create a System Restore Point that we can restore to if necessary.
- Click Start, and type Create a restore point into the Search programs and files box.
- Now click on the Create a restore point icon at the top of the find list.
- This will open a System Properties box, with the System Protection tab open ...
- Click on the Create button in the lower part of the window.
- Type Pre Malware Cleanup into the description box, then click Create.
- Windows will now create a Restore Point and notify you when finished.
- Exit any open windows.
Please observe these rules while we work:
- Perform all actions in the order given.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with it till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
- As you're using Vista, it will be necessary to right click all tools we use and select ----> Run as Administrator
Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
There's a few things we need to take care of, but first I'd like to run a couple of extra scans to give me a better overall picture of what we might be dealing with.
First
Download OTL by OldTimer to your Desktop.
Alternative Download
If you already have a copy of OTL delete it and use this version.
- Double click OTL.exe to launch the programme.
- Check the following.
- Scan all users.
- Lop check.
- Purity check.
- Under Extra Registry section, select Use SafeList
- Under Custom Scans/Fixes copy/paste the contents of the code box below.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents
- Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
- When finished it will produce two logs.
- OTL.txt (open on your desktop).
- Extras.txt (minimised in your taskbar)
- Please post me both logs.
Next
Download TDSSKiller.zip and extract it to your Desktop.
- Double click on TDSSKiller.exe to launch it.
- If using Vista or Windows7, when prompted by UAC allow the prompt.
- Click on Start Scan
- The scan will run.
- When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
- Now click on Report to open the log file created by TDSSKiller in your root directory C:\
- Post the contents in your next reply please.
- DO NOT TRY TO FIX ANYTHING AT THIS POINT
Summary of the logs I need from you in your next post:
- OTL.txt
- Extras.txt
- TDSSKiller log
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
Posted: Mon Dec 26, 2011 4:55 am
Extras.txt:
OTL Extras logfile created on: 26.12.2011 13:11:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,02% Memory free
5,14 Gb Paging File | 3,11 Gb Available in Paging File | 60,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 257,18 Gb Free Space | 43,14% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 55 BE 6D 49 CA F1 C9 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1999053676-3161577315-4271355828-1002]
"EnableNotificationsRef" = 3
"EnableNotifications" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1999053676-3161577315-4271355828-501]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122A46A-0CB8-4241-853E-8C0E42AA9169}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{056DE134-E524-47BE-857E-B212997B5A8B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{09E6DA8B-7B1A-4530-A83C-964349700C2D}" = lport=28013 | protocol=6 | dir=in | name=s4 league port 4 |
"{0D28B7D0-34A5-46AF-AE61-8DB7B6A326C6}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher |
"{0F6A8CBF-1E9D-4341-898B-A5CAB9E128D8}" = lport=6981 | protocol=17 | dir=in | name=league of legends launcher |
"{102D10EE-8582-44FF-8D63-A71ED29CAA4B}" = lport=6978 | protocol=17 | dir=in | name=league of legends launcher |
"{154E7244-092A-43B8-B77E-A84304DF27C4}" = lport=28012 | protocol=6 | dir=in | name=s4 league port 3 |
"{22D7D41E-BEA6-43C1-9512-78BFEC5405B4}" = lport=6112 | protocol=6 | dir=in | name=wc3 battle net |
"{28016EDF-C985-48F5-B936-1817AD058540}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher |
"{28D10880-06F6-47BC-9E5C-DC8087240855}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{2A1FB43E-C501-4601-8B1F-3F621BCC024C}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher |
"{41C1DACE-AC04-459F-BBB0-B537A13B7066}" = lport=6903 | protocol=6 | dir=in | name=league of legends launcher |
"{490F5FD4-B136-4F72-B8E1-2630D7C27C53}" = lport=6978 | protocol=6 | dir=in | name=league of legends launcher |
"{52E13312-6177-46B9-B9D7-84526D46A478}" = lport=28002 | protocol=6 | dir=in | name=s4 league port 1 |
"{57C84A46-C87F-4483-A5D2-6265E3184400}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher |
"{6DFA072A-8871-4896-BBE3-77072E40D2EF}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher |
"{7B9AFA5D-D881-4003-847F-A4FA183AF64C}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher |
"{809A985C-27DF-4959-9620-3D1138E64344}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{85DFEC99-CDB9-4879-97C9-3F688DE67F8C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{87AE776F-1C44-4850-95D1-E59180F0D9FF}" = lport=28008 | protocol=6 | dir=in | name=s4 league port 2 |
"{8B21CE41-CFFC-417F-95A1-D7FAA0D88C62}" = lport=6903 | protocol=17 | dir=in | name=league of legends launcher |
"{8CD82443-25CF-435F-A571-14F040DB1753}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher |
"{9E0C44A7-2F77-4B21-96A9-DAF73489A6B9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{A0A0975E-6E57-46C0-9C54-632C0EF91F84}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{A67D3529-FE96-4F1C-884E-C382AF1D9484}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{A7DA0A1D-6A78-424A-9ED2-80628B681C06}" = lport=6981 | protocol=6 | dir=in | name=league of legends launcher |
"{AAE39E95-B81F-4821-8ACA-FB566FC3B1DA}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher |
"{AFAB3DD3-1F5E-4F4C-9850-445BCE5E4378}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{B7965165-B2EC-4394-A742-6DFFF819F135}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher |
"{B9E2DD47-B718-457B-A39F-9E8F5506C227}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C19DAA05-6ECE-4061-8292-E20A721153F0}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{DFC9FC7D-727A-484D-8197-02CE46B4BFA2}" = lport=6881 | protocol=6 | dir=in | name=blizzard dl |
"{E4ECE1C6-115E-4547-9443-C954E6124336}" = lport=49239 | protocol=6 | dir=in | name=akamai netsession interface |
"{E8ED1438-9B46-4DF1-A8D2-010140E2105E}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |
"{EF5B6F1C-99E7-474B-99DB-CF629C54B9D7}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher |
"{FC97BE74-5DB3-41EA-A5BA-24B303C14ECC}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E57AAC-B0E3-4272-A0ED-0DF2472B5BC2}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{0298AA0A-E757-466C-B643-8DC7A2374B75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{02ACBBCC-D5AE-4151-851C-A99B38F037D1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{03828862-CB97-4BF9-9B09-D2D3CE90C729}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{04389770-DE71-4173-B36A-B9790BEC26C7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{05954B10-4A84-46CB-87F4-9792B9889DF1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |
"{06F1B349-39B7-4EDD-A42D-4C86670B8EF8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{072B8356-6DE0-43A6-AB48-2DD0360E1F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{074CF328-C579-4561-8911-698A5EB5EBA4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{07C1A740-0263-4F93-A7FC-D0BA58D8D858}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |
"{0810C4A2-6283-45CC-8B9B-D3B23D247409}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08B24F71-01BF-4808-9735-DE8CB4A185FF}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe |
"{0EA5E9B3-8136-4824-A206-76EA068470E0}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{16D5AAE1-2FCD-4997-8513-134B07286FF5}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{17B7D436-342C-4FC6-AD14-60ACA5C7CD74}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe |
"{17C56504-63A4-4CE2-AE29-E58DA8415754}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1BAF6CAC-BAF9-49CC-8EE4-BC6F41301FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{1FDB68B5-9D4D-46DD-A404-18BFEDF3E8CD}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe |
"{2169081A-7F12-4E1B-89E1-15E17469F9D5}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe |
"{21B9B927-3566-4878-AD02-C1FE3AD56156}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{23BF37FC-6A55-4A25-8AC5-3061633B45FD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2579E9AF-EE6F-4370-815B-6A6524000DED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2595FD48-6FC8-4894-8B6E-0C258333CDAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{266A762C-8393-41FE-BE60-CDC8D18E6D85}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe |
"{26E1EDD1-F134-42F0-8B89-584DFECAE05C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{2796BA1A-65B9-49CD-80C5-2F051E4EF691}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"{284D2092-099C-4237-A39E-CE022F7C0F89}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2BDF309B-D74A-40CE-877B-A3D407BCA68A}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{2E954DF7-84C1-4A59-BC0A-3E68C29EF6D7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{2EAF7D9A-E62B-42A8-8BA9-43E26672BB67}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{2F071087-D349-4CA9-8B6F-554F61D64F87}" = protocol=6 | dir=in | app=c:\program files (x86)\petroglyph\rise of immortals\roiclientr.exe |
"{3305FBB7-E6C7-409E-82F4-4CFAB16ED620}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{334C0EA3-2414-49D4-80F9-1F008EC56CD4}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe |
"{35DF9019-6AC6-4ED1-AF86-9C8BDF82F1FC}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe |
"{360501C8-D49A-45E0-A9C9-522CD188F54C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{36C4463F-48A5-467B-959C-BA724BA009A0}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe |
"{383D3551-80AF-4709-8AFE-216780FF4B7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A223D83-D39C-4164-941C-41B188938039}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{3F0D5DF0-8BDC-49A9-83A4-DB0FE2F683A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4006C515-520F-45F5-983B-9D2610BF561C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{417E392F-4BFC-4236-BD4F-9C4230263D8C}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe |
"{418265F6-1C9F-478D-876B-752EB871BF84}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe |
"{4249DC39-725C-49F5-A45D-889BBC73E453}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{427428F2-E705-4F00-82BA-2A405BD80A2D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{4339EB0C-CB0D-4D40-8308-A2A9FA951891}" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\s4league\patcher_s4.exe |
"{436997AF-377C-4FF0-959A-895D93F8D438}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{4573311D-0A94-4C4D-A7ED-0E2E945E9B2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{47B504EE-D3FA-41D7-B824-633022B42214}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{527EB298-BC2F-4DDD-9DD5-FA044833E9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe |
"{5537D85F-A2DA-43D0-AD11-1BF5292B2735}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{565063E6-5FED-464F-8A4D-E16002B1C4A2}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{59956AC8-9E17-4CE2-A858-581C2775A7C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5BFCF657-9539-49B6-9981-BE53C0E61456}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe |
"{5DBB8336-C495-4963-918F-AE91D3C2F5CC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{5EE226C4-9005-4AFE-B31E-D575C5E86C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{5FC0597A-F3C4-4940-AE3B-C61E930FF019}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\versions\base18092\sc2.exe |
"{62CA1AC3-38ED-4879-BF54-D4C9D2A084B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6546E387-03A4-407F-ACE9-58561E8F7601}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{683758F6-A3F0-4EDF-9FCC-3B0BCC52CBD4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{699BD229-12F4-4316-A2EA-C25F2019F9E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6A1FACEA-A4D4-4000-BC91-63FB3FCE41FE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{6BCEC83E-8B92-45C4-9D19-008B3E3E8D50}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6D1CEBAD-5550-43C1-A3DA-0FD94A5F5DE0}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\versions\base19679\sc2.exe |
"{706142DE-177C-4B43-BEDA-FE149AE9AE76}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe |
"{72C36314-40C5-4885-86B8-D6796CF09DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{72FCAF53-E86B-4610-A4A5-973FD647D8E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{73C9B64A-FCD3-4184-B559-1923E5A086E0}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"{7B2BBFA8-3D55-42CB-AFDD-F7A672B4E4A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7C6827E7-1B47-45D1-8D9F-F6A2956472E9}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{7E10405F-0D70-429B-AB30-4384DC26E998}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{839D3579-D555-4D7F-96BC-B3947B6C9E18}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{8818AD1E-CFA3-4E91-BCA3-072FF8E5573F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8AED45D8-8405-4A29-8141-1ED1E690B0EA}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"{8C5C82C1-C706-490B-87A9-1A82BEB4DBF7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{8C9A17D0-C24D-451E-B11B-15B696A1919E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91275978-5303-48AA-B003-14A6425E45C7}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{954ACA57-B61D-4968-B6E1-668B90A744AF}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{9690D3D9-1F68-4848-AC21-9371CEB0FE94}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\versions\base19679\sc2.exe |
"{96A98C84-0782-4D39-9D05-8A32E6BF2F28}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe |
"{971D40C7-32A0-4E1B-BF25-7A9866AE5483}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{97246F94-4878-448C-99B1-8DA11070331A}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe |
"{98956617-BBE0-4C34-997D-8AB6C63FAB77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{993192BC-1B6C-4735-A867-6AA92359235B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{993E7761-B74D-48A0-BE4B-F0A25841B0DA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |
"{9A483A68-4880-49B4-A4A1-5E105EC447F2}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{9D5E20DF-DCC2-4F61-927A-86170FC76EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe |
"{A226B027-E0C3-4FD8-9D47-41CEB32B7478}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"{A66F722F-DE4C-49C5-B4E6-043DED108F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{AA05ED7C-BBF3-408B-8151-DB7780BD68CB}" = protocol=6 | dir=in | app=c:\users\michael\downloads\homm_v1000(2).exe |
"{AADDD65A-7F82-4B3F-B38B-1100CF97D4C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AEEEB85B-0426-4CE3-BB30-3B34FBAF7EA8}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{B45C1919-8F1B-41AB-AB97-3619BFC8C934}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\starcraft ii.exe |
"{B6AB4D0A-2E84-4E7E-9C90-0D848E4E2171}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{B6E201F6-7F49-41AE-A1DD-919557C37A21}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B8000E55-CE0D-4102-94FD-92A0D7F13041}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{BAEDC47C-9C7F-4294-BD03-FCD7C1630394}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe |
"{BB841F38-5BCB-4273-B6CC-A6F4EE60CC5D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{BB94EA26-137A-4B27-983B-52C805797D76}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{BE8F6C0E-68C8-4062-B37F-9985D29B77AF}" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\s4league\patcher_s4.exe |
"{BF1FD935-FF6C-490A-AF4E-DB51D24FE7EC}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{BF2FD075-D610-49E3-8E8A-36B6C084EDD9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{C115AED8-8484-4279-AAAD-43C597050281}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\versions\base18092\sc2.exe |
"{C4677C0B-2110-4EDD-AE4E-EB976AEC10CB}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{C4DFEFBD-ADF8-4F75-8B8D-7B6F428BD32C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |
"{C739D671-B5AF-4EB0-BB2C-773E0ACC2500}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe |
"{C749D529-3ADE-4247-B835-1F23A6C81F66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA4D41A6-1B50-4A13-9BDB-2A4B04A10231}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{D3CDBBBC-8706-4A5B-A60E-425EE995E3ED}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{DC37B27A-0AFF-4A15-9BB7-8BAB5DC8BA6C}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\starcraft ii.exe |
"{DF36E914-93A6-4927-A1CE-E46D4E124095}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{DF543F2E-4B13-4C2D-A0DB-624B9DB8A836}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E05D6BF8-4B5B-4606-A5BE-6E8A140BF082}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{E1D940D4-9BA8-4CE4-9CBB-13034D141A70}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{E20814B1-06AC-4F4D-B1CF-FE8A3E5B2C2B}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{E243C577-69AF-4B09-B86F-D5FAA4664850}" = protocol=17 | dir=in | app=c:\users\michael\downloads\homm_v1000(2).exe |
"{E2619355-B23E-441C-8310-160AA7A93CFB}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{E935D7B4-FEFB-4946-8CE0-D09A329EB4A3}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{ED5D6FFA-5C9C-4A79-AAB3-C07164477D26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE3A7C54-616D-4C44-9980-B016629EC929}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe |
"{F09A31AA-2A69-419F-8A8E-0E31030C177F}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe |
"{F0A5FC5F-BFDB-43AB-94A2-DF67346671C3}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{F10B26DF-F55C-42B0-AB84-BAB334171F59}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{F55BF6FE-2503-4165-9967-601445E29840}" = protocol=17 | dir=in | app=c:\program files (x86)\petroglyph\rise of immortals\roiclientr.exe |
"{F8187FAB-9DC4-42DA-8B71-B160E5ACD8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{F8F28F9D-7EA2-489B-94BA-0874A5F1FF74}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{F9FF858F-51A0-4BB2-BCE4-5216C910AFCA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FC64C91F-B78D-457B-943C-B027692DCFC0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{FCCFA9F6-CA0B-4037-8F7C-D1EA61D0AA92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FDC012F9-D2B8-4B0A-A470-6EA60C1CE6C8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{FDC3043D-36F0-4E4E-A19A-8F1D1391FEFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF63DF6E-D9B8-47CA-B515-81558C3BB8E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{008297C1-0191-4ADC-B002-3FA5F8033738}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{039314A7-727C-4592-98B5-27046D1CD220}C:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe |
"TCP Query User{05413D6C-0F61-459C-B322-1B3542F6C745}E:\programme\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\programme\warcraft iii\war3.exe |
"TCP Query User{0775F2D9-4C0D-422D-B7D8-6BC04E1BC822}C:\program files (x86)\steamless counterstrikesource pack\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steamless counterstrikesource pack\hl2.exe |
"TCP Query User{091F6DF6-879A-4E30-9134-7ED4ADA234F1}C:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe |
"TCP Query User{0DFC482C-DD77-4FC2-888B-F1B565A681E3}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{162B6DD0-1B6C-481A-B93B-D17CCEC75A17}C:\program files (x86)\swtor\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\swtor\launcher.exe |
"TCP Query User{17518E08-7E21-4DC9-B223-3BBDA48F1B15}C:\program files (x86)\counter-strike 1.6 v35\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6 v35\hl.exe |
"TCP Query User{24CBCE38-589C-4D3E-B2E0-7102470C573E}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe |
"TCP Query User{24D832D9-793A-4558-B3C2-20F3D4F51909}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"TCP Query User{2A6245AF-998A-4AF8-8D5E-FCEE1DA722FA}C:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"TCP Query User{2ADBBC5C-46DC-449E-8313-9ADEC6647931}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe |
"TCP Query User{2C962C0D-07E3-4811-AF8A-4C030D275F34}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"TCP Query User{2D114A5D-7F34-43EB-9824-CC5B3A7F3C1F}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |
"TCP Query User{33E3FDA7-2DFB-4E89-9331-834CD35CC817}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{4DB0F3CC-1904-4B32-8263-9F437517057E}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
"TCP Query User{517EB4E8-E996-4445-A06C-7C9D793E1824}C:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"TCP Query User{5B728098-0935-436D-BDB8-6C7EF48E1CF3}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe |
"TCP Query User{5D23D801-6F84-433C-98C5-8E34E903E627}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe |
"TCP Query User{6D14DCCE-2383-47FC-AA36-5DD59593A344}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{72EBA4D4-8740-41A4-8E8D-F116E14CF3D9}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{73CA8C9A-BB27-41D4-976E-895DA51028A1}C:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe |
"TCP Query User{777565FC-2E3C-4166-99F5-A29F9EB519CF}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe |
"TCP Query User{7EE2242F-B3E1-4ECC-AF12-336428FB2E35}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{801D3A84-750E-4EF3-8AE4-FAEC79F31B57}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{848B5617-EC16-4CA8-BD7A-0A9E4433BE9E}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{8AA3F848-F800-48EF-B3B9-980C452723CC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{8DAF79E7-AE55-4415-99E1-FCAAAA58DC08}C:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"TCP Query User{9CCBE6DA-A656-4C9B-803B-354D509CA3EB}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{9D762284-BECB-4AA8-8C8F-C3F3327C778F}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe |
"TCP Query User{A7895CEC-42EB-43EF-A6C4-5C5A4B7DFD47}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{A9D47E46-6E04-467C-B2D8-13826D47A4AB}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{B75B8724-F2CD-4BFF-B32B-A9647D05AFAC}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"TCP Query User{B79AF1ED-214F-4BDF-B4F7-68C740B8C515}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{B89D30AC-1122-4D1E-BB39-5598BC27D09B}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"TCP Query User{B8F2B24E-3825-47AB-88C4-06B7E0F05B92}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{BB66BCCF-609B-4BF3-B460-8914AACC106B}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"TCP Query User{C9FAE59E-4B82-40EC-B2F1-32B1888ED64F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{CCFF79A4-C26B-468E-B147-7296DED76DD0}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{D1CADD06-1B05-4AB3-B79A-AFD995D526F9}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D35F1AB7-F2C6-4F57-8910-D8017F084E31}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D37FD4D8-5ED9-4643-8A84-8C3A6E5C869D}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{D938E506-79D6-40C1-A621-B255BDEBDD47}C:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe |
"TCP Query User{D96ADD45-FE64-403E-92CC-608521A5CC42}C:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe |
"TCP Query User{E6864631-9A97-4A5D-A95F-5115D48A742B}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{EFECAB8F-309F-4549-AD4D-B2C6A940619F}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe |
"TCP Query User{F3B4A317-DD09-41AA-8363-634D471D33B4}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{FB43C66A-F699-4124-9A35-574F180A352D}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe |
"TCP Query User{FC24C887-25CD-4B47-AE90-E4CCDCE7A434}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{0638BD36-37F9-4C03-98BF-E5A0B8241B6C}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{07E80802-8F39-4045-BF17-F900F05E4993}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{0933D8BA-649C-48CC-91F9-BAB04737DC86}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe |
"UDP Query User{0F8E310B-B214-4C69-A200-705C9E4052D6}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{1031BF17-97CB-4D2B-B5A8-6E56C302C2C5}C:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"UDP Query User{157769E8-3132-4AD8-A7EB-F5D86E6358E7}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{268FA8D8-1AB3-4D1D-8E08-368DFD92002A}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{269AB78F-7172-4F49-9DBD-842F631F3B7B}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{27D24624-3DD1-4C4A-8036-0877E4415D75}C:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"UDP Query User{2AC809CE-BE20-498E-B64F-50A2DA704328}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{34AAE97B-7CAA-46A4-AE2F-5ADCE6972934}C:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{3A28D625-611A-43F2-99C8-3E2DC34A6113}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe |
"UDP Query User{3CC39BC9-D9FC-40A8-86AE-B4F3228157F2}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |
"UDP Query User{44D712CA-81AB-4D88-946D-FF527D49912D}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"UDP Query User{48396E73-AF3C-4F6B-828C-57464A473976}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{4A8B15D3-ABE5-43CA-9F2C-3BE1C185795B}C:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe |
"UDP Query User{4C020BCC-FDB5-470B-91D3-D43A970E169C}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe |
"UDP Query User{4D39A7D7-0C23-46B9-9531-CD38AACB2D1F}E:\programme\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\programme\warcraft iii\war3.exe |
"UDP Query User{5512D4CC-95D0-427C-A031-CA124033B3EF}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe |
"UDP Query User{60AEA6B2-42CF-4FE7-9D1A-BD8674E2264A}C:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe |
"UDP Query User{6D7EDDBB-091A-4D15-ACE8-7C132A62166E}C:\program files (x86)\swtor\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\swtor\launcher.exe |
"UDP Query User{6DB7F820-98F2-48EF-B853-8089F1CB0080}C:\program files (x86)\counter-strike 1.6 v35\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6 v35\hl.exe |
"UDP Query User{7288B700-98E4-47BA-BA2F-92105EF81ECC}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{73C5AEB9-1972-4142-B631-60B16E130925}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
"UDP Query User{7B90455F-6E98-41A1-BC3B-1E0A9B1E82B5}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe |
"UDP Query User{8B64D15C-A2F6-4AFB-9E71-26CB3D969A4D}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{8C7C4017-855B-44EE-B236-26E498BEA147}C:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe |
"UDP Query User{904F5901-F84E-4192-8B5E-DAA1CCA12661}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{927BFBD9-B395-4703-AF83-DDCF82CD0E6C}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{93E8CCA6-63E8-47D5-9C34-D446B879C540}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{93EA8F9E-4DAF-4B6A-98E2-0A09D51EE70A}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{9F6698FD-641B-4355-8FF4-202FEB319BAC}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{A23DA009-FC7C-48D3-97DB-7743241CB227}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{A253C311-29D4-48A3-BAA7-744B22780CE1}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{A6FB0F2B-C453-4CDE-AC9D-C062F8E1B539}C:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe |
"UDP Query User{A8EEE47E-6A47-4E85-9D63-660D5ED9F029}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{B1EF120E-A64A-49FF-8F46-2B9D251D2D52}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"UDP Query User{BFAB4E26-AF1D-46FA-A179-C1CC242EEBB2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{C0A1EDC4-3081-4EC8-B1EB-B1A6473BB6D5}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{C9ADD2E3-8796-40AC-8077-D15FA8070867}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{D954BD94-7C00-4863-A8C0-986DA0EEAB1F}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"UDP Query User{DF7F19C2-B026-4E80-9FF2-848B592826B0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{E0B93BAF-9BC8-4BDF-B0A4-4CF0B9C336EE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{E0BDDC0F-C19E-4685-8661-AEFEFA5D7442}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe |
"UDP Query User{E2CD49C2-066D-4595-ADF5-404B54523F2A}C:\program files (x86)\steamless counterstrikesource pack\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steamless counterstrikesource pack\hl2.exe |
"UDP Query User{E67D977D-DB3A-4793-BD80-612F5F907BF8}C:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe |
"UDP Query User{EB79A1C8-9ECA-4890-8C51-0B882920A9C4}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe |
"UDP Query User{ED49532B-E489-4F02-9500-7265D4544F72}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe |
"UDP Query User{EF9CF8AC-23D9-4F32-96E4-1A3F2B6841D4}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = Mythos
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"capella2002-v4.0" = capella 2002, Version 4.0
"Cross Fire_is1" = Cross Fire En
"Focus Magic_is1" = Focus Magic 3.02
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 4.6
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.4.721
"Garena" = Garena
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"hon" = Heroes of Newerth
"IrfanView" = IrfanView (remove only)
"KeyScrambler" = KeyScrambler
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.50.1074" = Opera 11.50
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RiseOfImmortals" = Rise of Immortals
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
|
Posted: Mon Dec 26, 2011 4:57 am Post subject: |
|
|
Extras.txt:
OTL Extras logfile created on: 26.12.2011 13:11:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,02% Memory free
5,14 Gb Paging File | 3,11 Gb Available in Paging File | 60,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 257,18 Gb Free Space | 43,14% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 55 BE 6D 49 CA F1 C9 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1999053676-3161577315-4271355828-1002]
"EnableNotificationsRef" = 3
"EnableNotifications" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1999053676-3161577315-4271355828-501]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122A46A-0CB8-4241-853E-8C0E42AA9169}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{056DE134-E524-47BE-857E-B212997B5A8B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{09E6DA8B-7B1A-4530-A83C-964349700C2D}" = lport=28013 | protocol=6 | dir=in | name=s4 league port 4 |
"{0D28B7D0-34A5-46AF-AE61-8DB7B6A326C6}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher |
"{0F6A8CBF-1E9D-4341-898B-A5CAB9E128D8}" = lport=6981 | protocol=17 | dir=in | name=league of legends launcher |
"{102D10EE-8582-44FF-8D63-A71ED29CAA4B}" = lport=6978 | protocol=17 | dir=in | name=league of legends launcher |
"{154E7244-092A-43B8-B77E-A84304DF27C4}" = lport=28012 | protocol=6 | dir=in | name=s4 league port 3 |
"{22D7D41E-BEA6-43C1-9512-78BFEC5405B4}" = lport=6112 | protocol=6 | dir=in | name=wc3 battle net |
"{28016EDF-C985-48F5-B936-1817AD058540}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher |
"{28D10880-06F6-47BC-9E5C-DC8087240855}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{2A1FB43E-C501-4601-8B1F-3F621BCC024C}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher |
"{41C1DACE-AC04-459F-BBB0-B537A13B7066}" = lport=6903 | protocol=6 | dir=in | name=league of legends launcher |
"{490F5FD4-B136-4F72-B8E1-2630D7C27C53}" = lport=6978 | protocol=6 | dir=in | name=league of legends launcher |
"{52E13312-6177-46B9-B9D7-84526D46A478}" = lport=28002 | protocol=6 | dir=in | name=s4 league port 1 |
"{57C84A46-C87F-4483-A5D2-6265E3184400}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher |
"{6DFA072A-8871-4896-BBE3-77072E40D2EF}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher |
"{7B9AFA5D-D881-4003-847F-A4FA183AF64C}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher |
"{809A985C-27DF-4959-9620-3D1138E64344}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{85DFEC99-CDB9-4879-97C9-3F688DE67F8C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{87AE776F-1C44-4850-95D1-E59180F0D9FF}" = lport=28008 | protocol=6 | dir=in | name=s4 league port 2 |
"{8B21CE41-CFFC-417F-95A1-D7FAA0D88C62}" = lport=6903 | protocol=17 | dir=in | name=league of legends launcher |
"{8CD82443-25CF-435F-A571-14F040DB1753}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher |
"{9E0C44A7-2F77-4B21-96A9-DAF73489A6B9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{A0A0975E-6E57-46C0-9C54-632C0EF91F84}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{A67D3529-FE96-4F1C-884E-C382AF1D9484}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{A7DA0A1D-6A78-424A-9ED2-80628B681C06}" = lport=6981 | protocol=6 | dir=in | name=league of legends launcher |
"{AAE39E95-B81F-4821-8ACA-FB566FC3B1DA}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher |
"{AFAB3DD3-1F5E-4F4C-9850-445BCE5E4378}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{B7965165-B2EC-4394-A742-6DFFF819F135}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher |
"{B9E2DD47-B718-457B-A39F-9E8F5506C227}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C19DAA05-6ECE-4061-8292-E20A721153F0}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{DFC9FC7D-727A-484D-8197-02CE46B4BFA2}" = lport=6881 | protocol=6 | dir=in | name=blizzard dl |
"{E4ECE1C6-115E-4547-9443-C954E6124336}" = lport=49239 | protocol=6 | dir=in | name=akamai netsession interface |
"{E8ED1438-9B46-4DF1-A8D2-010140E2105E}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |
"{EF5B6F1C-99E7-474B-99DB-CF629C54B9D7}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher |
"{FC97BE74-5DB3-41EA-A5BA-24B303C14ECC}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E57AAC-B0E3-4272-A0ED-0DF2472B5BC2}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{0298AA0A-E757-466C-B643-8DC7A2374B75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{02ACBBCC-D5AE-4151-851C-A99B38F037D1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{03828862-CB97-4BF9-9B09-D2D3CE90C729}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{04389770-DE71-4173-B36A-B9790BEC26C7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{05954B10-4A84-46CB-87F4-9792B9889DF1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |
"{06F1B349-39B7-4EDD-A42D-4C86670B8EF8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{072B8356-6DE0-43A6-AB48-2DD0360E1F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{074CF328-C579-4561-8911-698A5EB5EBA4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{07C1A740-0263-4F93-A7FC-D0BA58D8D858}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe |
"{0810C4A2-6283-45CC-8B9B-D3B23D247409}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08B24F71-01BF-4808-9735-DE8CB4A185FF}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe |
"{0EA5E9B3-8136-4824-A206-76EA068470E0}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{16D5AAE1-2FCD-4997-8513-134B07286FF5}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{17B7D436-342C-4FC6-AD14-60ACA5C7CD74}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe |
"{17C56504-63A4-4CE2-AE29-E58DA8415754}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1BAF6CAC-BAF9-49CC-8EE4-BC6F41301FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{1FDB68B5-9D4D-46DD-A404-18BFEDF3E8CD}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe |
"{2169081A-7F12-4E1B-89E1-15E17469F9D5}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe |
"{21B9B927-3566-4878-AD02-C1FE3AD56156}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{23BF37FC-6A55-4A25-8AC5-3061633B45FD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2579E9AF-EE6F-4370-815B-6A6524000DED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2595FD48-6FC8-4894-8B6E-0C258333CDAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{266A762C-8393-41FE-BE60-CDC8D18E6D85}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe |
"{26E1EDD1-F134-42F0-8B89-584DFECAE05C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{2796BA1A-65B9-49CD-80C5-2F051E4EF691}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"{284D2092-099C-4237-A39E-CE022F7C0F89}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2BDF309B-D74A-40CE-877B-A3D407BCA68A}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{2E954DF7-84C1-4A59-BC0A-3E68C29EF6D7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{2EAF7D9A-E62B-42A8-8BA9-43E26672BB67}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{2F071087-D349-4CA9-8B6F-554F61D64F87}" = protocol=6 | dir=in | app=c:\program files (x86)\petroglyph\rise of immortals\roiclientr.exe |
"{3305FBB7-E6C7-409E-82F4-4CFAB16ED620}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{334C0EA3-2414-49D4-80F9-1F008EC56CD4}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe |
"{35DF9019-6AC6-4ED1-AF86-9C8BDF82F1FC}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe |
"{360501C8-D49A-45E0-A9C9-522CD188F54C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{36C4463F-48A5-467B-959C-BA724BA009A0}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe |
"{383D3551-80AF-4709-8AFE-216780FF4B7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A223D83-D39C-4164-941C-41B188938039}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{3F0D5DF0-8BDC-49A9-83A4-DB0FE2F683A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4006C515-520F-45F5-983B-9D2610BF561C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{417E392F-4BFC-4236-BD4F-9C4230263D8C}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe |
"{418265F6-1C9F-478D-876B-752EB871BF84}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe |
"{4249DC39-725C-49F5-A45D-889BBC73E453}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{427428F2-E705-4F00-82BA-2A405BD80A2D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{4339EB0C-CB0D-4D40-8308-A2A9FA951891}" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\s4league\patcher_s4.exe |
"{436997AF-377C-4FF0-959A-895D93F8D438}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{4573311D-0A94-4C4D-A7ED-0E2E945E9B2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{47B504EE-D3FA-41D7-B824-633022B42214}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{527EB298-BC2F-4DDD-9DD5-FA044833E9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe |
"{5537D85F-A2DA-43D0-AD11-1BF5292B2735}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{565063E6-5FED-464F-8A4D-E16002B1C4A2}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{59956AC8-9E17-4CE2-A858-581C2775A7C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5BFCF657-9539-49B6-9981-BE53C0E61456}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe |
"{5DBB8336-C495-4963-918F-AE91D3C2F5CC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{5EE226C4-9005-4AFE-B31E-D575C5E86C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{5FC0597A-F3C4-4940-AE3B-C61E930FF019}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\versions\base18092\sc2.exe |
"{62CA1AC3-38ED-4879-BF54-D4C9D2A084B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6546E387-03A4-407F-ACE9-58561E8F7601}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{683758F6-A3F0-4EDF-9FCC-3B0BCC52CBD4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{699BD229-12F4-4316-A2EA-C25F2019F9E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6A1FACEA-A4D4-4000-BC91-63FB3FCE41FE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{6BCEC83E-8B92-45C4-9D19-008B3E3E8D50}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6D1CEBAD-5550-43C1-A3DA-0FD94A5F5DE0}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\versions\base19679\sc2.exe |
"{706142DE-177C-4B43-BEDA-FE149AE9AE76}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe |
"{72C36314-40C5-4885-86B8-D6796CF09DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{72FCAF53-E86B-4610-A4A5-973FD647D8E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{73C9B64A-FCD3-4184-B559-1923E5A086E0}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"{7B2BBFA8-3D55-42CB-AFDD-F7A672B4E4A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7C6827E7-1B47-45D1-8D9F-F6A2956472E9}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{7E10405F-0D70-429B-AB30-4384DC26E998}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{839D3579-D555-4D7F-96BC-B3947B6C9E18}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{8818AD1E-CFA3-4E91-BCA3-072FF8E5573F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8AED45D8-8405-4A29-8141-1ED1E690B0EA}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"{8C5C82C1-C706-490B-87A9-1A82BEB4DBF7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{8C9A17D0-C24D-451E-B11B-15B696A1919E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91275978-5303-48AA-B003-14A6425E45C7}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{954ACA57-B61D-4968-B6E1-668B90A744AF}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{9690D3D9-1F68-4848-AC21-9371CEB0FE94}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\versions\base19679\sc2.exe |
"{96A98C84-0782-4D39-9D05-8A32E6BF2F28}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe |
"{971D40C7-32A0-4E1B-BF25-7A9866AE5483}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{97246F94-4878-448C-99B1-8DA11070331A}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe |
"{98956617-BBE0-4C34-997D-8AB6C63FAB77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{993192BC-1B6C-4735-A867-6AA92359235B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{993E7761-B74D-48A0-BE4B-F0A25841B0DA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |
"{9A483A68-4880-49B4-A4A1-5E105EC447F2}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{9D5E20DF-DCC2-4F61-927A-86170FC76EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe |
"{A226B027-E0C3-4FD8-9D47-41CEB32B7478}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"{A66F722F-DE4C-49C5-B4E6-043DED108F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{AA05ED7C-BBF3-408B-8151-DB7780BD68CB}" = protocol=6 | dir=in | app=c:\users\michael\downloads\homm_v1000(2).exe |
"{AADDD65A-7F82-4B3F-B38B-1100CF97D4C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AEEEB85B-0426-4CE3-BB30-3B34FBAF7EA8}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{B45C1919-8F1B-41AB-AB97-3619BFC8C934}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\starcraft ii.exe |
"{B6AB4D0A-2E84-4E7E-9C90-0D848E4E2171}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{B6E201F6-7F49-41AE-A1DD-919557C37A21}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B8000E55-CE0D-4102-94FD-92A0D7F13041}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{BAEDC47C-9C7F-4294-BD03-FCD7C1630394}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe |
"{BB841F38-5BCB-4273-B6CC-A6F4EE60CC5D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{BB94EA26-137A-4B27-983B-52C805797D76}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{BE8F6C0E-68C8-4062-B37F-9985D29B77AF}" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\s4league\patcher_s4.exe |
"{BF1FD935-FF6C-490A-AF4E-DB51D24FE7EC}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{BF2FD075-D610-49E3-8E8A-36B6C084EDD9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{C115AED8-8484-4279-AAAD-43C597050281}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\versions\base18092\sc2.exe |
"{C4677C0B-2110-4EDD-AE4E-EB976AEC10CB}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{C4DFEFBD-ADF8-4F75-8B8D-7B6F428BD32C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe |
"{C739D671-B5AF-4EB0-BB2C-773E0ACC2500}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe |
"{C749D529-3ADE-4247-B835-1F23A6C81F66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA4D41A6-1B50-4A13-9BDB-2A4B04A10231}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{D3CDBBBC-8706-4A5B-A60E-425EE995E3ED}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{DC37B27A-0AFF-4A15-9BB7-8BAB5DC8BA6C}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\starcraft ii.exe |
"{DF36E914-93A6-4927-A1CE-E46D4E124095}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{DF543F2E-4B13-4C2D-A0DB-624B9DB8A836}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E05D6BF8-4B5B-4606-A5BE-6E8A140BF082}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{E1D940D4-9BA8-4CE4-9CBB-13034D141A70}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{E20814B1-06AC-4F4D-B1CF-FE8A3E5B2C2B}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{E243C577-69AF-4B09-B86F-D5FAA4664850}" = protocol=17 | dir=in | app=c:\users\michael\downloads\homm_v1000(2).exe |
"{E2619355-B23E-441C-8310-160AA7A93CFB}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{E935D7B4-FEFB-4946-8CE0-D09A329EB4A3}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{ED5D6FFA-5C9C-4A79-AAB3-C07164477D26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE3A7C54-616D-4C44-9980-B016629EC929}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe |
"{F09A31AA-2A69-419F-8A8E-0E31030C177F}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe |
"{F0A5FC5F-BFDB-43AB-94A2-DF67346671C3}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{F10B26DF-F55C-42B0-AB84-BAB334171F59}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{F55BF6FE-2503-4165-9967-601445E29840}" = protocol=17 | dir=in | app=c:\program files (x86)\petroglyph\rise of immortals\roiclientr.exe |
"{F8187FAB-9DC4-42DA-8B71-B160E5ACD8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{F8F28F9D-7EA2-489B-94BA-0874A5F1FF74}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{F9FF858F-51A0-4BB2-BCE4-5216C910AFCA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FC64C91F-B78D-457B-943C-B027692DCFC0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{FCCFA9F6-CA0B-4037-8F7C-D1EA61D0AA92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FDC012F9-D2B8-4B0A-A470-6EA60C1CE6C8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{FDC3043D-36F0-4E4E-A19A-8F1D1391FEFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF63DF6E-D9B8-47CA-B515-81558C3BB8E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{008297C1-0191-4ADC-B002-3FA5F8033738}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{039314A7-727C-4592-98B5-27046D1CD220}C:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe |
"TCP Query User{05413D6C-0F61-459C-B322-1B3542F6C745}E:\programme\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\programme\warcraft iii\war3.exe |
"TCP Query User{0775F2D9-4C0D-422D-B7D8-6BC04E1BC822}C:\program files (x86)\steamless counterstrikesource pack\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steamless counterstrikesource pack\hl2.exe |
"TCP Query User{091F6DF6-879A-4E30-9134-7ED4ADA234F1}C:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe |
"TCP Query User{0DFC482C-DD77-4FC2-888B-F1B565A681E3}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{162B6DD0-1B6C-481A-B93B-D17CCEC75A17}C:\program files (x86)\swtor\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\swtor\launcher.exe |
"TCP Query User{17518E08-7E21-4DC9-B223-3BBDA48F1B15}C:\program files (x86)\counter-strike 1.6 v35\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6 v35\hl.exe |
"TCP Query User{24CBCE38-589C-4D3E-B2E0-7102470C573E}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe |
"TCP Query User{24D832D9-793A-4558-B3C2-20F3D4F51909}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"TCP Query User{2A6245AF-998A-4AF8-8D5E-FCEE1DA722FA}C:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"TCP Query User{2ADBBC5C-46DC-449E-8313-9ADEC6647931}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe |
"TCP Query User{2C962C0D-07E3-4811-AF8A-4C030D275F34}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"TCP Query User{2D114A5D-7F34-43EB-9824-CC5B3A7F3C1F}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |
"TCP Query User{33E3FDA7-2DFB-4E89-9331-834CD35CC817}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{4DB0F3CC-1904-4B32-8263-9F437517057E}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
"TCP Query User{517EB4E8-E996-4445-A06C-7C9D793E1824}C:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"TCP Query User{5B728098-0935-436D-BDB8-6C7EF48E1CF3}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe |
"TCP Query User{5D23D801-6F84-433C-98C5-8E34E903E627}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe |
"TCP Query User{6D14DCCE-2383-47FC-AA36-5DD59593A344}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{72EBA4D4-8740-41A4-8E8D-F116E14CF3D9}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{73CA8C9A-BB27-41D4-976E-895DA51028A1}C:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe |
"TCP Query User{777565FC-2E3C-4166-99F5-A29F9EB519CF}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe |
"TCP Query User{7EE2242F-B3E1-4ECC-AF12-336428FB2E35}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{801D3A84-750E-4EF3-8AE4-FAEC79F31B57}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{848B5617-EC16-4CA8-BD7A-0A9E4433BE9E}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{8AA3F848-F800-48EF-B3B9-980C452723CC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{8DAF79E7-AE55-4415-99E1-FCAAAA58DC08}C:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"TCP Query User{9CCBE6DA-A656-4C9B-803B-354D509CA3EB}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{9D762284-BECB-4AA8-8C8F-C3F3327C778F}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe |
"TCP Query User{A7895CEC-42EB-43EF-A6C4-5C5A4B7DFD47}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{A9D47E46-6E04-467C-B2D8-13826D47A4AB}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{B75B8724-F2CD-4BFF-B32B-A9647D05AFAC}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"TCP Query User{B79AF1ED-214F-4BDF-B4F7-68C740B8C515}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{B89D30AC-1122-4D1E-BB39-5598BC27D09B}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"TCP Query User{B8F2B24E-3825-47AB-88C4-06B7E0F05B92}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{BB66BCCF-609B-4BF3-B460-8914AACC106B}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"TCP Query User{C9FAE59E-4B82-40EC-B2F1-32B1888ED64F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{CCFF79A4-C26B-468E-B147-7296DED76DD0}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{D1CADD06-1B05-4AB3-B79A-AFD995D526F9}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D35F1AB7-F2C6-4F57-8910-D8017F084E31}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D37FD4D8-5ED9-4643-8A84-8C3A6E5C869D}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{D938E506-79D6-40C1-A621-B255BDEBDD47}C:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe |
"TCP Query User{D96ADD45-FE64-403E-92CC-608521A5CC42}C:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe |
"TCP Query User{E6864631-9A97-4A5D-A95F-5115D48A742B}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{EFECAB8F-309F-4549-AD4D-B2C6A940619F}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe |
"TCP Query User{F3B4A317-DD09-41AA-8363-634D471D33B4}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{FB43C66A-F699-4124-9A35-574F180A352D}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe |
"TCP Query User{FC24C887-25CD-4B47-AE90-E4CCDCE7A434}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{0638BD36-37F9-4C03-98BF-E5A0B8241B6C}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{07E80802-8F39-4045-BF17-F900F05E4993}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{0933D8BA-649C-48CC-91F9-BAB04737DC86}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe |
"UDP Query User{0F8E310B-B214-4C69-A200-705C9E4052D6}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{1031BF17-97CB-4D2B-B5A8-6E56C302C2C5}C:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"UDP Query User{157769E8-3132-4AD8-A7EB-F5D86E6358E7}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{268FA8D8-1AB3-4D1D-8E08-368DFD92002A}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{269AB78F-7172-4F49-9DBD-842F631F3B7B}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{27D24624-3DD1-4C4A-8036-0877E4415D75}C:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"UDP Query User{2AC809CE-BE20-498E-B64F-50A2DA704328}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{34AAE97B-7CAA-46A4-AE2F-5ADCE6972934}C:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{3A28D625-611A-43F2-99C8-3E2DC34A6113}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe |
"UDP Query User{3CC39BC9-D9FC-40A8-86AE-B4F3228157F2}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |
"UDP Query User{44D712CA-81AB-4D88-946D-FF527D49912D}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"UDP Query User{48396E73-AF3C-4F6B-828C-57464A473976}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{4A8B15D3-ABE5-43CA-9F2C-3BE1C185795B}C:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe |
"UDP Query User{4C020BCC-FDB5-470B-91D3-D43A970E169C}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe |
"UDP Query User{4D39A7D7-0C23-46B9-9531-CD38AACB2D1F}E:\programme\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\programme\warcraft iii\war3.exe |
"UDP Query User{5512D4CC-95D0-427C-A031-CA124033B3EF}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe |
"UDP Query User{60AEA6B2-42CF-4FE7-9D1A-BD8674E2264A}C:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe |
"UDP Query User{6D7EDDBB-091A-4D15-ACE8-7C132A62166E}C:\program files (x86)\swtor\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\swtor\launcher.exe |
"UDP Query User{6DB7F820-98F2-48EF-B853-8089F1CB0080}C:\program files (x86)\counter-strike 1.6 v35\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6 v35\hl.exe |
"UDP Query User{7288B700-98E4-47BA-BA2F-92105EF81ECC}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{73C5AEB9-1972-4142-B631-60B16E130925}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe |
"UDP Query User{7B90455F-6E98-41A1-BC3B-1E0A9B1E82B5}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe |
"UDP Query User{8B64D15C-A2F6-4AFB-9E71-26CB3D969A4D}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{8C7C4017-855B-44EE-B236-26E498BEA147}C:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe |
"UDP Query User{904F5901-F84E-4192-8B5E-DAA1CCA12661}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{927BFBD9-B395-4703-AF83-DDCF82CD0E6C}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{93E8CCA6-63E8-47D5-9C34-D446B879C540}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{93EA8F9E-4DAF-4B6A-98E2-0A09D51EE70A}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{9F6698FD-641B-4355-8FF4-202FEB319BAC}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{A23DA009-FC7C-48D3-97DB-7743241CB227}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{A253C311-29D4-48A3-BAA7-744B22780CE1}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{A6FB0F2B-C453-4CDE-AC9D-C062F8E1B539}C:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe |
"UDP Query User{A8EEE47E-6A47-4E85-9D63-660D5ED9F029}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{B1EF120E-A64A-49FF-8F46-2B9D251D2D52}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"UDP Query User{BFAB4E26-AF1D-46FA-A179-C1CC242EEBB2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{C0A1EDC4-3081-4EC8-B1EB-B1A6473BB6D5}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{C9ADD2E3-8796-40AC-8077-D15FA8070867}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{D954BD94-7C00-4863-A8C0-986DA0EEAB1F}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"UDP Query User{DF7F19C2-B026-4E80-9FF2-848B592826B0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{E0B93BAF-9BC8-4BDF-B0A4-4CF0B9C336EE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{E0BDDC0F-C19E-4685-8661-AEFEFA5D7442}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe |
"UDP Query User{E2CD49C2-066D-4595-ADF5-404B54523F2A}C:\program files (x86)\steamless counterstrikesource pack\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steamless counterstrikesource pack\hl2.exe |
"UDP Query User{E67D977D-DB3A-4793-BD80-612F5F907BF8}C:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe |
"UDP Query User{EB79A1C8-9ECA-4890-8C51-0B882920A9C4}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe |
"UDP Query User{ED49532B-E489-4F02-9500-7265D4544F72}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe |
"UDP Query User{EF9CF8AC-23D9-4F32-96E4-1A3F2B6841D4}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = Mythos
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"capella2002-v4.0" = capella 2002, Version 4.0
"Cross Fire_is1" = Cross Fire En
"Focus Magic_is1" = Focus Magic 3.02
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 4.6
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.4.721
"Garena" = Garena
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"hon" = Heroes of Newerth
"IrfanView" = IrfanView (remove only)
"KeyScrambler" = KeyScrambler
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.50.1074" = Opera 11.50
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RiseOfImmortals" = Rise of Immortals
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
|
Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
|
Posted: Mon Dec 26, 2011 5:00 am Post subject: |
|
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.11.2011 09:15:28 | Computer Name = Michael-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 25.12.2011 09:10:40 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.12.2011 09:10:40 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.12.2011 09:10:40 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.12.2011 09:10:40 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.12.2011 09:10:40 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 25.12.2011 09:10:40 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.12.2011 09:10:40 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.12.2011 09:10:40 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.12.2011 09:10:40 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.12.2011 09:16:12 | Computer Name = Michael-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
< End of report >
OTL.Txt:
OTL logfile created on: 26.12.2011 13:11:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,02% Memory free
5,14 Gb Paging File | 3,11 Gb Available in Paging File | 60,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 257,18 Gb Free Space | 43,14% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.26 13:10:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
PRC - [2011.12.25 12:19:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.10.30 17:51:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.21 14:06:26 | 000,433,872 | ---- | M] (Sony Ericsson) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.08.07 18:37:37 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.05 01:14:58 | 011,932,968 | ---- | M] (EIZO NANAO CORPORATION) -- C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.25 12:19:22 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.12.10 20:39:49 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011.12.10 20:39:41 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011.12.10 20:39:41 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011.12.10 20:39:41 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011.12.10 20:39:41 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011.10.19 10:12:26 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2011.10.15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.12.13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010.12.13 09:58:50 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.06.13 21:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.10.30 17:51:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 23:39:26 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.12.15 01:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011.08.02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.25 22:04:56 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.12.18 22:47:30 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2008.12.18 22:47:18 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.12.18 22:47:10 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.12.18 22:46:36 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.01.25 09:46:52 | 000,150,016 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2009.03.05 09:56:57 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alternate.net [binary data]
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 52 69 E3 24 07 CA 01 [binary data]
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: undodetachtab@alice0775:1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.25 12:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.23 16:47:39 | 000,000,000 | ---D | M]
[2009.06.20 18:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2011.12.25 12:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions
[2011.10.22 01:57:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.25 12:37:41 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\keyscrambler@qfx.software.corporation
[2011.10.22 01:57:20 | 000,000,000 | ---D | M] ("Undo Detach Tab") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\undodetachtab@alice0775
[2011.10.22 01:57:21 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\vshare@toolbar
[2011.04.06 09:55:46 | 000,000,931 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\conduit.xml
[2011.12.23 10:49:34 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\icqplugin-1.xml
[2011.02.24 17:54:10 | 000,001,056 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\startsear.xml
[2011.12.25 12:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6AH6H4JS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.25 12:19:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: vshare plugin = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1\
O1 HOSTS File: ([2011.12.25 14:10:49 | 000,440,032 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 86.127.71.45 L2authd.lineage2.com
O1 - Hosts: 15127 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C:\Program Files (x86)\Free Video Zilla\FVZilla.exe] File not found
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1003..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GRID.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E816D11-4E0D-46C5-B8E1-EE3EABC8F384}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2acd3207-e58f-11de-b27f-00241d1176c4}\Shell - "" = AutoRun
O33 - MountPoints2\{2acd3207-e58f-11de-b27f-00241d1176c4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{740ac768-f15b-11de-aa0a-00241d1176c4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.12.26 13:13:10 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011.12.23 20:24:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Star Wars - The Old Republic
[2011.12.22 21:29:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\SWTOR
[2011.12.22 21:29:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\HeroBlade Logs
[2011.12.22 20:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWtor
[2011.12.19 21:36:09 | 008,876,032 | ---- | C] (Acclaim Software Ltd) -- C:\Windows\SysWow64\FocusMag.dll
[2011.12.19 21:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Magic
[2011.12.19 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus Magic
[2011.12.15 23:44:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 23:44:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 23:44:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 23:44:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 23:44:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 23:44:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 23:44:48 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.15 23:44:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.15 23:44:47 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.15 23:44:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.15 23:44:45 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.15 19:15:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 19:14:19 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 19:14:16 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.12.26 13:20:06 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1999053676-3161577315-4271355828-1002UA.job
[2011.12.26 13:08:03 | 000,005,312 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 13:08:03 | 000,005,312 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 13:07:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.25 20:20:03 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1999053676-3161577315-4271355828-1002Core.job
[2011.12.25 14:15:07 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 14:10:49 | 000,440,032 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.25 14:02:22 | 000,440,032 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111225-141049.backup
[2011.12.25 13:57:15 | 000,440,032 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111225-140222.backup
[2011.12.25 12:42:08 | 000,440,032 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111225-135715.backup
[2011.12.25 12:40:03 | 000,440,032 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111225-124208.backup
[2011.12.25 12:39:16 | 000,440,032 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111225-124003.backup
[2011.12.24 12:30:44 | 272,696,553 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011.12.22 20:30:51 | 000,063,914 | ---- | M] () -- C:\Users\Michael\Desktop\DSC00223.jpg
[2011.12.22 20:30:49 | 000,000,163 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\PLGComp.ini
[2011.12.22 20:30:19 | 000,056,695 | ---- | M] () -- C:\Users\Michael\Desktop\DSC00222.jpg
[2011.12.22 20:30:02 | 000,061,300 | ---- | M] () -- C:\Users\Michael\Desktop\DSC00219.jpg
[2011.12.22 20:28:35 | 000,068,241 | ---- | M] () -- C:\Users\Michael\Desktop\DSC00207.jpg
[2011.12.22 20:26:00 | 000,031,073 | ---- | M] () -- C:\Users\Michael\Desktop\DSC00210.jpg
[2011.12.20 15:56:40 | 000,070,144 | ---- | M] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.20 14:22:18 | 001,451,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.20 14:22:18 | 000,630,604 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.20 14:22:18 | 000,597,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.20 14:22:18 | 000,127,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.20 14:22:18 | 000,104,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.19 21:55:18 | 000,046,958 | ---- | M] () -- C:\Users\Michael\Desktop\DSC00212 - Kopie.jpg
[2011.12.19 21:43:54 | 000,042,427 | ---- | M] () -- C:\Users\Michael\Desktop\DSC00217 - Kopie.jpg
[2011.12.19 21:14:11 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011.12.18 12:46:25 | 000,002,052 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2011.12.18 01:03:50 | 007,345,428 | ---- | M] () -- C:\Users\Michael\Desktop\MOV00218.3gp
[2011.12.16 15:12:34 | 000,403,280 | ---- | M] () -- C
Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
Posted: Mon Dec 26, 2011 5:02 am Post subject:
[2011.12.16 15:12:34 | 000,403,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.15 01:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2011.12.04 01:26:46 | 000,001,356 | ---- | M] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2011.11.28 21:55:24 | 013,677,762 | ---- | M] () -- C:\Users\Michael\Desktop\Lil Jon ft. Eastside Boys - Get Low.mp4
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.25 14:15:07 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.22 20:26:49 | 000,063,914 | ---- | C] () -- C:\Users\Michael\Desktop\DSC00223.jpg
[2011.12.22 20:26:37 | 000,056,695 | ---- | C] () -- C:\Users\Michael\Desktop\DSC00222.jpg
[2011.12.22 20:26:16 | 000,061,300 | ---- | C] () -- C:\Users\Michael\Desktop\DSC00219.jpg
[2011.12.22 20:26:00 | 000,031,073 | ---- | C] () -- C:\Users\Michael\Desktop\DSC00210.jpg
[2011.12.22 20:24:16 | 000,068,241 | ---- | C] () -- C:\Users\Michael\Desktop\DSC00207.jpg
[2011.12.19 21:43:24 | 000,042,427 | ---- | C] () -- C:\Users\Michael\Desktop\DSC00217 - Kopie.jpg
[2011.12.19 21:41:16 | 000,046,958 | ---- | C] () -- C:\Users\Michael\Desktop\DSC00212 - Kopie.jpg
[2011.12.19 21:36:10 | 000,000,163 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\PLGComp.ini
[2011.12.19 21:28:27 | 007,345,428 | ---- | C] () -- C:\Users\Michael\Desktop\MOV00218.3gp
[2011.11.28 21:55:00 | 013,677,762 | ---- | C] () -- C:\Users\Michael\Desktop\Lil Jon ft. Eastside Boys - Get Low.mp4
[2011.11.05 17:44:52 | 000,051,186 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\room_v3.dat
[2011.10.30 17:51:29 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.23 01:24:15 | 000,001,356 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2011.10.22 02:33:38 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.08 17:05:55 | 000,017,408 | ---- | C] () -- C:\Users\Michael\AppData\Local\WebpageIcons.db
[2011.04.15 20:43:15 | 000,046,658 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\room.dat
[2010.11.21 11:38:18 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.11.21 11:38:18 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.12 22:54:46 | 000,129,400 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009.11.15 22:10:18 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.06.21 13:08:57 | 000,070,144 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.20 19:44:49 | 000,085,169 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.20 19:44:40 | 000,085,169 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.20 18:37:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.06.20 17:15:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.06.20 17:15:04 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.06.20 17:14:25 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.20 15:53:35 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.06.20 14:45:30 | 000,024,226 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\UserTile.png
[2009.03.05 09:56:54 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.21 07:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
========== LOP Check ==========
[2011.10.09 23:21:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2010.05.14 12:50:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BitCometLite
[2011.10.22 01:57:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAoC Portal
[2011.07.21 18:09:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2011.04.13 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.06.26 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Electronic Arts
[2011.08.28 13:43:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FOG Downloader
[2011.02.05 20:09:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FVZilla
[2011.10.22 01:57:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo
[2011.10.22 01:57:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2010.11.13 21:13:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Image Zone Express
[2011.10.22 01:57:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IrfanView
[2010.07.20 13:13:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient
[2009.11.27 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.07.25 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Miranda
[2011.01.01 23:49:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mumble
[2010.12.20 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Need for Speed World
[2011.07.29 23:25:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Octoshape
[2009.12.06 15:21:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org
[2011.09.08 17:14:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Opera
[2009.06.20 14:45:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking
[2010.11.13 21:08:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Printer Info Cache
[2011.10.22 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QFX Software
[2011.02.05 20:03:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RayV
[2011.07.28 15:14:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TeamViewer
[2011.11.21 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2011.10.22 01:57:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uTorrent
[2011.12.25 14:07:18 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011.02.06 01:10:09 | 000,000,656 | ---- | M] () -- C:\BnetLog.txt
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.03.17 14:46:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011.12.25 14:15:07 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 14:10:41 | 015,451,926 | ---- | M] () -- C:\immudebug.log
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006.12.01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011.12.26 00:45:05 | 3427,348,480 | -HS- | M] () -- C:\pagefile.sys
[2007.11.07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[1 C:\*.tmp files -> C:\*.tmp -> ]
< MD5 for: AGP440.SYS >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2008.01.21 03:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) MD5=2C040B7ADA5B06F6FACADAC8514AA034 -- C:\Windows\SysNative\drivers\nvraid.sys
[2008.01.21 03:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) MD5=2C040B7ADA5B06F6FACADAC8514AA034 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
< %windir%\system32\tasks\*.* >
< %windir%\system32\tasks\*.* /64 >
[2011.11.03 20:15:44 | 000,003,710 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1999053676-3161577315-4271355828-1002Core
[2011.11.03 20:15:47 | 000,004,106 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1999053676-3161577315-4271355828-1002UA
[2011.12.25 19:26:37 | 000,003,706 | ---- | M] () -- C:\Windows\SysNative\tasks\User_Feed_Synchronization-{CA8FCA3E-A3E2-4DA3-8B3A-D86F263A155E}
[2011.08.13 11:09:32 | 000,003,192 | ---- | M] () -- C:\Windows\SysNative\tasks\{14A2B325-DB2D-41BA-AC66-1C8FEB02E10B}
[2011.07.14 11:15:31 | 000,003,208 | ---- | M] () -- C:\Windows\SysNative\tasks\{404A353C-D9D1-457F-AEEF-2300C14B2F81}
[2009.11.15 22:08:11 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{43D8C230-34FC-4CD1-875F-EB19E8576E47}
[2011.07.29 23:29:48 | 000,003,044 | ---- | M] () -- C:\Windows\SysNative\tasks\{83AA32ED-1DD0-4D2E-97F1-AEF3AAB6002D}
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2011.11.03 23:46:47 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2011.10.22 23:48:55 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\drivers\*.sys /90 >
< %PROGRAMFILES%\*. >
[2010.12.27 11:31:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\3DO
[2011.10.22 22:47:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010.04.09 20:14:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\alaplaya
[2011.10.22 01:59:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011.02.05 20:01:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity
[2011.09.08 16:49:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010.12.27 11:09:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitLord
[2011.10.22 23:19:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2009.04.29 13:10:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Codemasters
[2011.10.22 22:53:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011.10.22 01:59:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Counter-Strike 1.6 V35
[2010.05.13 11:53:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2011.04.08 15:45:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA Games
[2009.06.20 19:48:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EIZO
[2011.02.05 20:10:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2011.07.29 23:03:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Final Fantasy VII
[2011.12.19 21:36:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Focus Magic
[2011.02.05 20:09:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Video Zilla
[2011.04.14 19:28:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Frogster
[2011.10.22 23:16:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Game Cam V2
[2011.01.28 19:16:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameHi_USA
[2011.07.29 23:03:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gamers.IRC
[2011.05.27 21:45:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GamersFirst
[2011.11.11 18:05:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Garena
[2011.10.31 18:55:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Heroes of Newerth
[2011.10.22 01:59:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HeroOnline
[2011.12.19 21:13:51 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2009.03.05 10:01:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011.12.16 15:10:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011.10.22 01:59:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
[2011.10.22 23:26:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011.10.22 22:52:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011.12.25 12:37:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\KeyScrambler
[2011.10.22 23:51:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LibreOffice 3
[2011.10.22 01:56:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LOLReplay
[2011.07.29 23:29:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011.10.22 02:34:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2011.10.22 01:56:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.10.22 01:56:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010.11.07 03:28:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2010.06.26 01:18:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011.12.25 12:19:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2006.11.02 16:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009.12.06 15:30:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010.11.15 00:25:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011.07.29 23:24:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mumble
[2010.12.27 11:33:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NetBattle
[2011.11.07 20:01:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.10.22 01:56:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
[2011.10.22 01:56:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Opera
[2010.07.14 14:04:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2011.10.02 23:19:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Petroglyph
[2011.10.22 01:56:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.NET
[2010.07.18 12:23:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PPLive
[2011.07.28 15:14:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QS
[2011.10.22 23:32:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010.10.01 20:09:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RayV
[2009.06.21 13:46:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2006.11.02 16:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011.10.22 01:56:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Runes of Magic
[2011.10.22 13:29:02 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011.12.19 21:16:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony Ericsson
[2011.10.22 13:36:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SplitMediaLabs
[2011.10.22 23:00:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.12.25 14:16:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2011.01.24 16:32:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Stunlock Studios
[2011.12.25 17:48:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SWtor
[2011.10.22 01:56:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\system
[2011.11.07 19:38:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2009.06.21 13:35:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Temp
[2011.07.29 23:25:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ubisoft
[2006.11.02 16:36:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstall Information
[2011.10.22 01:56:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veetle
[2010.02.06 14:35:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2011.10.23 16:47:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\vShare.tv plugin
[2011.11.11 19:21:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Warcraft III
[2011.10.22 13:30:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp
[2009.06.20 18:06:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008.01.21 04:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008.01.21 04:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011.12.16 15:10:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010.10.14 11:32:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006.11.02 16:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009.06.20 18:06:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2009.11.18 13:20:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009.06.20 18:06:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011.10.23 00:10:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2010.08.13 15:45:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Z8Games
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents >
< End of report >
TDSSKiller.txt:
13:50:49.0106 1168 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:50:49.0439 1168 ============================================================
13:50:49.0439 1168 Current date / time: 2011/12/26 13:50:49.0439
13:50:49.0439 1168 SystemInfo:
13:50:49.0439 1168
13:50:49.0439 1168 OS Version: 6.0.6002 ServicePack: 2.0
13:50:49.0439 1168 Product type: Workstation
13:50:49.0439 1168 ComputerName: MICHAEL-PC
13:50:49.0440 1168 UserName: Michael
13:50:49.0440 1168 Windows directory: C:\Windows
13:50:49.0440 1168 System windows directory: C:\Windows
13:50:49.0440 1168 Running under WOW64
13:50:49.0440 1168 Processor architecture: Intel x64
13:50:49.0440 1168 Number of processors: 2
13:50:49.0440 1168 Page size: 0x1000
13:50:49.0440 1168 Boot type: Normal boot
13:50:49.0440 1168 ============================================================
13:50:51.0364 1168 Initialize success
13:51:05.0312 5068 ============================================================
13:51:05.0312 5068 Scan started
13:51:05.0312 5068 Mode: Manual;
13:51:05.0312 5068 ============================================================
13:51:08.0343 5068 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
13:51:08.0371 5068 ACPI - ok
13:51:08.0647 5068 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
13:51:08.0848 5068 adp94xx - ok
13:51:09.0148 5068 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
13:51:09.0355 5068 adpahci - ok
13:51:09.0513 5068 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
13:51:09.0570 5068 adpu160m - ok
13:51:09.0888 5068 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
13:51:09.0955 5068 adpu320 - ok
13:51:10.0379 5068 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
13:51:10.0405 5068 AFD - ok
13:51:10.0654 5068 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
13:51:10.0689 5068 agp440 - ok
13:51:10.0795 5068 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
13:51:10.0818 5068 aic78xx - ok
13:51:10.0867 5068 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
13:51:10.0869 5068 aliide - ok
13:51:10.0898 5068 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
13:51:10.0899 5068 amdide - ok
13:51:10.0962 5068 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
13:51:10.0964 5068 AmdK8 - ok
13:51:11.0134 5068 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
13:51:11.0193 5068 arc - ok
13:51:11.0254 5068 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
13:51:11.0268 5068 arcsas - ok
13:51:11.0344 5068 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
13:51:11.0359 5068 AsyncMac - ok
13:51:11.0434 5068 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
13:51:11.0435 5068 atapi - ok
13:51:11.0696 5068 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
13:51:11.0710 5068 blbdrive - ok
13:51:11.0906 5068 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
13:51:11.0909 5068 bowser - ok
13:51:11.0939 5068 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
13:51:11.0948 5068 BrFiltLo - ok
13:51:12.0067 5068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
13:51:12.0067 5068 BrFiltUp - ok
13:51:12.0119 5068 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
13:51:12.0137 5068 Brserid - ok
13:51:12.0166 5068 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
13:51:12.0186 5068 BrSerWdm - ok
13:51:12.0215 5068 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
13:51:12.0233 5068 BrUsbMdm - ok
13:51:12.0257 5068 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
13:51:12.0258 5068 BrUsbSer - ok
13:51:12.0300 5068 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
13:51:12.0313 5068 BTHMODEM - ok
13:51:12.0343 5068 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
13:51:12.0347 5068 cdfs - ok
13:51:12.0370 5068 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
13:51:12.0372 5068 cdrom - ok
13:51:12.0395 5068 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
13:51:12.0396 5068 circlass - ok
13:51:12.0429 5068 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
13:51:12.0434 5068 CLFS - ok
13:51:12.0494 5068 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
13:51:12.0495 5068 CmBatt - ok
13:51:12.0531 5068 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
13:51:12.0532 5068 cmdide - ok
13:51:12.0607 5068 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
13:51:12.0609 5068 Compbatt - ok
13:51:12.0623 5068 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
13:51:12.0628 5068 crcdisk - ok
13:51:12.0664 5068 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
13:51:12.0669 5068 DfsC - ok
13:51:12.0721 5068 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
13:51:12.0746 5068 disk - ok
13:51:12.0820 5068 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
13:51:12.0823 5068 Dot4 - ok
13:51:12.0933 5068 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:51:12.0934 5068 Dot4Print - ok
13:51:12.0973 5068 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
13:51:12.0975 5068 dot4usb - ok
13:51:13.0034 5068 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
13:51:13.0035 5068 drmkaud - ok
13:51:13.0339 5068 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
13:51:13.0356 5068 DXGKrnl - ok
13:51:13.0478 5068 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
13:51:13.0480 5068 E1G60 - ok
13:51:13.0611 5068 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
13:51:13.0671 5068 Ecache - ok
13:51:13.0708 5068 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
13:51:13.0714 5068 elxstor - ok
13:51:13.0756 5068 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
13:51:13.0757 5068 ErrDev - ok
13:51:13.0799 5068 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
13:51:13.0817 5068 exfat - ok
13:51:13.0858 5068 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
13:51:13.0862 5068 fastfat - ok
13:51:13.0904 5068 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
13:51:13.0906 5068 fdc - ok
13:51:13.0940 5068 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
13:51:13.0942 5068 FileInfo - ok
13:51:13.0972 5068 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
13:51:13.0974 5068 Filetrace - ok
13:51:14.0001 5068 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:51:14.0003 5068 flpydisk - ok
13:51:14.0043 5068 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
13:51:14.0048 5068 FltMgr - ok
13:51:14.0170 5068 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
13:51:14.0181 5068 Fs_Rec - ok
13:51:14.0220 5068 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
13:51:14.0222 5068 gagp30kx - ok
13:51:14.0255 5068 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
13:51:14.0266 5068 gdrv - ok
13:51:14.0318 5068 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:51:14.0320 5068 GEARAspiWDM - ok
13:51:14.0358 5068 GGSAFERDriver - ok
13:51:14.0404 5068 hamachi (7eec4281639dc7e9a67c661efd414f3a) C:\Windows\system32\DRIVERS\hamachi.sys
13:51:14.0405 5068 hamachi - ok
13:51:14.0459 5068 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
13:51:14.0462 5068 HdAudAddService - ok
13:51:14.0559 5068 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:51:14.0575 5068 HDAudBus - ok
13:51:14.0603 5068 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
13:51:14.0605 5068 HidBth - ok
13:51:14.0628 5068 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
13:51:14.0629 5068 HidIr - ok
13:51:14.0688 5068 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
13:51:14.0694 5068 HidUsb - ok
13:51:14.0723 5068 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
13:51:14.0725 5068 HpCISSs - ok
13:51:14.0760 5068 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
13:51:14.0785 5068 HTTP - ok
13:51:14.0809 5068 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
13:51:14.0811 5068 i2omp - ok
13:51:14.0856 5068 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
13:51:14.0858 5068 i8042prt - ok
13:51:14.0898 5068 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
13:51:14.0910 5068 iaStorV - ok
13:51:14.0934 5068 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
13:51:14.0935 5068 iirsp - ok
13:51:14.0962 5068 IntcAzAudAddService - ok
13:51:15.0000 5068 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
13:51:15.0001 5068 intelide - ok
13:51:15.0023 5068 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
13:51:15.0045 5068 intelppm - ok
13:51:15.0094 5068 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:51:15.0113 5068 IpFilterDriver - ok
13:51:15.0154 5068 IpInIp - ok
13:51:15.0172 5068 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
13:51:15.0174 5068 IPMIDRV - ok
13:51:15.0203 5068 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
13:51:15.0205 5068 IPNAT - ok
13:51:15.0239 5068 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
13:51:15.0240 5068 IRENUM - ok
13:51:15.0273 5068 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
13:51:15.0274 5068 isapnp - ok
13:51:15.0330 5068 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
13:51:15.0352 5068 iScsiPrt - ok
13:51:15.0451 5068 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
13:51:15.0452 5068 iteatapi - ok
13:51:15.0480 5068 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
13:51:15.0482 5068 iteraid - ok
13:51:15.0501 5068 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
13:51:15.0503 5068 kbdclass - ok
13:51:15.0527 5068 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
13:51:15.0528 5068 kbdhid - ok
13:51:15.0568 5068 KeyScrambler (e3cf421210ebddacb4590ae67a0226dc) C:\Windows\system32\drivers\keyscrambler.sys
13:51:15.0584 5068 KeyScrambler - ok
13:51:15.0642 5068 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
13:51:15.0677 5068 KSecDD - ok
13:51:15.0732 5068 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
13:51:15.0762 5068 ksthunk - ok
13:51:15.0811 5068 L8042Kbd (c44f9121831f90b0e5385d786591b480) C:\Windows\system32\DRIVERS\L8042Kbd.sys
13:51:15.0813 5068 L8042Kbd - ok
13:51:15.0869 5068 LHidFilt (83e05435f4d2c0f0a1fd74c41ded44e5) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:51:15.0873 5068 LHidFilt - ok
13:51:15.0893 5068 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
13:51:15.0895 5068 lltdio - ok
13:51:15.0922 5068 LMouFilt (abcbc7271c33567d686c91cf690cf2eb) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:51:15.0924 5068 LMouFilt - ok
13:51:15.0942 5068 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
13:51:15.0945 5068 LSI_FC - ok
13:51:15.0970 5068 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
13:51:15.0974 5068 LSI_SAS - ok
13:51:16.0030 5068 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
13:51:16.0043 5068 LSI_SCSI - ok
13:51:16.0053 5068 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
13:51:16.0059 5068 luafv - ok
13:51:16.0107 5068 LUsbFilt (80e635ffb320912179f40ab3a0307980) C:\Windows\system32\Drivers\LUsbFilt.Sys
13:51:16.0108 5068 LUsbFilt - ok
13:51:16.0199 5068 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
13:51:16.0200 5068 megasas - ok
13:51:16.0308 5068 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
13:51:16.0314 5068 MegaSR - ok
13:51:16.0421 5068 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
13:51:16.0422 5068 Modem - ok
13:51:16.0499 5068 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
13:51:16.0511 5068 monitor - ok
13:51:16.0531 5068 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
13:51:16.0532 5068 mouclass - ok
13:51:16.0554 5068 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
13:51:16.0555 5068 mouhid - ok
13:51:16.0571 5068 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
13:51:16.0573 5068 MountMgr - ok
13:51:16.0610 5068 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
13:51:16.0612 5068 MpFilter - ok
13:51:16.0649 5068 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
13:51:16.0651 5068 mpio - ok
13:51:16.0690 5068 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:51:16.0706 5068 MpNWMon - ok
13:51:16.0723 5068 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
13:51:16.0740 5068 mpsdrv - ok
13:51:16.0775 5068 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
13:51:16.0777 5068 Mraid35x - ok
13:51:16.0803 5068 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
13:51:16.0812 5068 MRxDAV - ok
13:51:16.0860 5068 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:51:16.0863 5068 mrxsmb - ok
13:51:16.0954 5068 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:51:16.0996 5068 mrxsmb10 - ok
13:51:17.0205 5068 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:51:17.0207 5068 mrxsmb20 - ok
13:51:17.0242 5068 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
13:51:17.0244 5068 msahci - ok
13:51:17.0285 5068 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
13:51:17.0300 5068 msdsm - ok
13:51:17.0330 5068 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
13:51:17.0331 5068 Msfs - ok
13:51:17.0357 5068 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
13:51:17.0359 5068 msisadrv - ok
13:51:17.0398 5068 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
13:51:17.0415 5068 MSKSSRV - ok
13:51:17.0448 5068 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
13:51:17.0449 5068 MSPCLOCK - ok
13:51:17.0477 5068 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
13:51:17.0479 5068 MSPQM - ok
13:51:17.0535 5068 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
13:51:17.0545 5068 MsRPC - ok
13:51:17.0602 5068 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
13:51:17.0643 5068 mssmbios - ok
13:51:17.0668 5068 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
13:51:17.0669 5068 MSTEE - ok
13:51:17.0678 5068 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
13:51:17.0679 5068 Mup - ok
13:51:17.0724 5068 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
13:51:17.0726 5068 NativeWifiP - ok
13:51:17.0769 5068 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
13:51:17.0778 5068 NDIS - ok
13:51:17.0796 5068 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
13:51:17.0797 5068 NdisTapi - ok
13:51:17.0827 5068 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
13:51:17.0828 5068 Ndisuio - ok
13:51:17.0868 5068 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
13:51:17.0871 5068 NdisWan - ok
13:51:17.0915 5068 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
13:51:17.0936 5068 NDProxy - ok
13:51:17.0987 5068 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
13:51:18.0007 5068 NetBIOS - ok
13:51:18.0108 5068 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
13:51:18.0165 5068 netbt - ok
13:51:18.0211 5068 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:51:18.0213 5068 nfrd960 - ok
13:51:18.0330 5068 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:51:18.0332 5068 NisDrv - ok
13:51:18.0379 5068 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
13:51:18.0403 5068 Npfs - ok
13:51:18.0450 5068 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
13:51:18.0462 5068 nsiproxy - ok
13:51:18.0590 5068 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
13:51:18.0636 5068 Ntfs - ok
13:51:18.0681 5068 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
13:51:18.0683 5068 Null - ok
13:51:19.0503 5068 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:51:19.0753 5068 nvlddmkm - ok
13:51:19.0890 5068 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
13:51:19.0892 5068 nvraid - ok
13:51:19.0941 5068 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
13:51:19.0962 5068 nvstor - ok
13:51:20.0046 5068 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
13:51:20.0061 5068 nv_agp - ok
13:51:20.0081 5068 NwlnkFlt - ok
13:51:20.0118 5068 NwlnkFwd - ok
13:51:20.0192 5068 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
13:51:20.0194 5068 ohci1394 - ok
13:51:20.0254 5068 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
13:51:20.0256 5068 Parport - ok
13:51:20.0289 5068 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
13:51:20.0290 5068 partmgr - ok
13:51:20.0323 5068 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
13:51:20.0326 5068 pci - ok
13:51:20.0344 5068 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
13:51:20.0345 5068 pciide - ok
13:51:20.0387 5068 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
13:51:20.0390 5068 pcmcia - ok
13:51:20.0432 5068 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:51:20.0450 5068 PEAUTH - ok
13:51:20.0586 5068 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
13:51:20.0603 5068 PptpMiniport - ok
13:51:20.0631 5068 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
13:51:20.0633 5068 Processor - ok
13:51:20.0682 5068 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
13:51:20.0684 5068 PSched - ok
13:51:20.0731 5068 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:51:20.0776 5068 ql2300 - ok
13:51:20.0797 5068 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:51:20.0801 5068 ql40xx - ok
13:51:20.0834 5068 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:51:20.0855 5068 QWAVEdrv - ok
13:51:20.0881 5068 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:51:20.0883 5068 RasAcd - ok
13:51:20.0904 5068 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:51:20.0908 5068 Rasl2tp - ok
13:51:20.0946 5068 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
13:51:20.0948 5068 RasPppoe - ok
13:51:20.0986 5068 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:51:20.0988 5068 RasSstp - ok
13:51:21.0037 5068 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:51:21.0041 5068 rdbss - ok
13:51:21.0127 5068 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:51:21.0134 5068 RDPCDD - ok
13:51:21.0172 5068 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:51:21.0176 5068 rdpdr - ok
13:51:21.0217 5068 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:51:21.0218 5068 RDPENCDD - ok
13:51:21.0278 5068 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
13:51:21.0285 5068 RDPWD - ok
13:51:21.0314 5068 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:51:21.0316 5068 rspndr - ok
13:51:25.0277 5068 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:51:25.0310 5068 \Device\Harddisk0\DR0 - ok
13:51:25.0320 5068 Boot (0x1200) (36be430ea7a868aacbe2cbbe340d6a41) \Device\Harddisk0\DR0\Partition0
13:51:25.0339 5068 \Device\Harddisk0\DR0\Partition0 - ok
13:51:25.0339 5068 ============================================================
13:51:25.0340 5068 Scan finished
13:51:25.0340 5068 ============================================================
13:51:25.0375 2240 Detected object count: 0
13:51:25.0375 2240 Actual detected object count: 0

Gary R Moderator
Joined: 03 May 2005 Last Visit: 17 May 2013 Posts: 9695 Location: Yorkshire
Posted: Mon Dec 26, 2011 9:07 am Post subject:

OK, we've got a few things to do ....
First
Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:
Quote:
Java(TM) 6 Update 29 (64-bit)
Old versions of Java can be exploited. We'll update to the latest version later.
Reboot your computer when finished.
Next
- Double click OTL.exe to launch the programme.
- Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EA5E9B3-8136-4824-A206-76EA068470E0}"=-
"{47B504EE-D3FA-41D7-B824-633022B42214}"=
"TCP Query User{2C962C0D-07E3-4811-AF8A-4C030D275F34}C:\program files (x86)\bitlord\bitlord.exe"=-
"TCP Query User{8DAF79E7-AE55-4415-99E1-FCAAAA58DC08}C:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe"=-
"UDP Query User{927BFBD9-B395-4703-AF83-DDCF82CD0E6C}C:\program files (x86)\bitlord\bitlord.exe"=-
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alternate.net [binary data]
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="
[2011.04.06 09:55:46 | 000,000,931 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\conduit.xml
[2011.12.23 10:49:34 | 000,000,950 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\icqplugin-1.xml
[2011.02.24 17:54:10 | 000,001,056 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\startsear.xml
[2011.10.22 01:57:21 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\vshare@toolbar
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [C:\Program Files (x86)\Free Video Zilla\FVZilla.exe] File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GRID.lnk = File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O33 - MountPoints2\{2acd3207-e58f-11de-b27f-00241d1176c4}\Shell - "" = AutoRun
O33 - MountPoints2\{2acd3207-e58f-11de-b27f-00241d1176c4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{740ac768-f15b-11de-aa0a-00241d1176c4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
:Files
C:\Users\Michael\AppData\Roaming\BitCometLite
C:\Users\Michael\AppData\Roaming\uTorrent
C:\Program Files (x86)\BitLord
c:\program files (x86)\avg
c:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe
ipconfig /flushdns /c
:Commands
[emptytemp]
[resethosts]
- Click the Run Fix button.
- OTL will now process the instructions.
- When finished a box will open asking you to open the fix log, click OK.
- The fix log will open.
- Copy/Paste the log in your next reply please.
Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.
Next
Please download Malwarebytes' Anti-Malware to your Desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- Click on the Malwarebytes' Anti-Malware icon to launch the programme.
- Click the Updates tab.
- Click Check for Updates and allow the programme to download the latest definitions.
- Click the Scanner tab.
- Check Perform Quick Scan.
- Click Scan and wait for the scan to complete.
- When the scan is complete, click OK, then Show Results.
- Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
- A box will pop-up telling you that files have been quarantined.
- A log will pop-up.
- Post the log in your next reply please.
You can also access the log by doing the following
- Click on the Logs tab.
- Click on the log at the bottom of those listed to highlight it.
- Click Open
Next
Please run a scan with ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
- Please go HERE then click on:
Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log in your next reply please.
- Now click on:
(Selecting Uninstall application on close if you so wish)
Summary of the logs I need from you in your next post:
- OTL fix log
- MBAM log
- E-Set log
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Are your searches still being re-directed ?
_________________
Gary R Administrator at Malware Removal University

Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
Posted: Tue Dec 27, 2011 9:31 am Post subject:

OTL
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0EA5E9B3-8136-4824-A206-76EA068470E0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EA5E9B3-8136-4824-A206-76EA068470E0}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{47B504EE-D3FA-41D7-B824-633022B42214}"| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2C962C0D-07E3-4811-AF8A-4C030D275F34}C:\program files (x86)\bitlord\bitlord.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8DAF79E7-AE55-4415-99E1-FCAAAA58DC08}C:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{927BFBD9-B395-4703-AF83-DDCF82CD0E6C}C:\program files (x86)\bitlord\bitlord.exe deleted successfully.
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-21-1999053676-3161577315-4271355828-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1999053676-3161577315-4271355828-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1999053676-3161577315-4271355828-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: "http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=" removed from keyword.URL
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\conduit.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\6ah6h4js.default\searchplugins\startsear.xml moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\vshare@toolbar\META-INF folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\vshare@toolbar folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully.
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ deleted successfully.
File C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll not found.
Registry value HKEY_USERS\S-1-5-21-1999053676-3161577315-4271355828-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\C:\Program Files (x86)\Free Video Zilla\FVZilla.exe deleted successfully.
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GRID.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found.
C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2acd3207-e58f-11de-b27f-00241d1176c4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2acd3207-e58f-11de-b27f-00241d1176c4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2acd3207-e58f-11de-b27f-00241d1176c4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2acd3207-e58f-11de-b27f-00241d1176c4}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{740ac768-f15b-11de-aa0a-00241d1176c4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{740ac768-f15b-11de-aa0a-00241d1176c4}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
C:\Windows\SysWow64\tmpE526.tmp deleted successfully.
C:\Windows\SysWow64\tmpE620.tmp deleted successfully.
File delete failed. C:\Windows\SysNative\SET837C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET868B.tmp scheduled to be deleted on reboot.
C:\Windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Michael\AppData\Local\SIT15447.tmp\$shtdwn$.req folder deleted successfully.
C:\Users\Michael\AppData\Local\SIT15447.tmp folder deleted successfully.
C:\kleaner.tmp\kln311F.tmp deleted successfully.
C:\kleaner.tmp folder deleted successfully.
========== FILES ==========
C:\Users\Michael\AppData\Roaming\BitCometLite\downloads folder moved successfully.
C:\Users\Michael\AppData\Roaming\BitCometLite folder moved successfully.
C:\Users\Michael\AppData\Roaming\uTorrent folder moved successfully.
C:\Program Files (x86)\BitLord\Torrents folder moved successfully.
C:\Program Files (x86)\BitLord\rules folder moved successfully.
C:\Program Files (x86)\BitLord\lang folder moved successfully.
C:\Program Files (x86)\BitLord\Downloads\Final Fantasy VII (PC) Ultima Edition folder moved successfully.
C:\Program Files (x86)\BitLord\Downloads folder moved successfully.
C:\Program Files (x86)\BitLord folder moved successfully.
c:\program files (x86)\AVG folder moved successfully.
File\Folder c:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Michael\Downloads\cmd.bat deleted successfully.
C:\Users\Michael\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 7307823 bytes
->Temporary Internet Files folder emptied: 311919 bytes
User: Heroes of Might and Magic
User: Michael
->Temp folder emptied: 1466931 bytes
->Temporary Internet Files folder emptied: 154699839 bytes
->Java cache emptied: 643053 bytes
->FireFox cache emptied: 157696 bytes
->Google Chrome cache emptied: 9389152 bytes
->Opera cache emptied: 4259223 bytes
->Flash cache emptied: 3426659 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1591808 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93736 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 734 bytes
RecycleBin emptied: 607260 bytes
Total Files Cleaned = 176,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12272011_161526
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET837C.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET868B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...

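The OTL fix log above mixes completed actions, targets that were already gone, and moves deferred to the next reboot. As an added example (not part of the thread and not OTL's own code), this Python script sorts such lines into those groups; the line patterns are inferred only from the log lines quoted in this thread, and the function and bucket names are hypothetical.

```python
import re

# Lines copied from the OTL fix log quoted in the thread above (a subset).
SAMPLE_LOG = r"""========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll moved successfully.
File C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
File delete failed. C:\Windows\SysNative\SET837C.tmp scheduled to be deleted on reboot.
========== FILES ==========
C:\Program Files (x86)\BitLord folder moved successfully.
File\Folder c:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe not found.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
File move failed. C:\Windows\SysNative\SET837C.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
"""

# Patterns below are assumptions derived from the lines in this thread only.
PENDING = re.compile(
    r"^File (?:delete|move) failed\. (?P<target>.+?) "
    r"scheduled to be (?:deleted|moved) on reboot\.$"
)
VALUE_SET = re.compile(r"^(?P<target>.+?)\| /E : value set successfully!$")
RESULT = re.compile(
    r"^(?:File\\Folder |File |Registry key |Registry value )?"
    r"(?P<target>.+?)(?: folder)? "
    r"(?P<result>deleted successfully\.|moved successfully\.|not found\.)$"
)


def normalize(target):
    """Compare targets case-insensitively and without a trailing backslash."""
    return target.rstrip("\\").lower()


def triage(log_text):
    """Group fix-log lines by outcome.

    handled         -> deleted or moved during this run
    already_handled -> reported 'not found' after an earlier line in the
                       same log had already removed the same target
    absent          -> reported 'not found' and never touched in this log
    pending_reboot  -> unique targets still waiting for a reboot
    value_set       -> registry values that were overwritten, not deleted
    """
    report = {
        "handled": [],
        "already_handled": [],
        "absent": [],
        "pending_reboot": [],
        "value_set": [],
    }
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        match = PENDING.match(line)
        if match:
            target = match.group("target")
            if target not in report["pending_reboot"]:
                report["pending_reboot"].append(target)
            continue
        match = VALUE_SET.match(line)
        if match:
            report["value_set"].append(match.group("target"))
            continue
        match = RESULT.match(line)
        if not match:
            continue  # section headers and free-text status lines
        target = match.group("target")
        key = normalize(target)
        if match.group("result") == "not found.":
            bucket = "already_handled" if key in seen else "absent"
            report[bucket].append(target)
        else:
            seen.add(key)
            report["handled"].append(target)
    return report


if __name__ == "__main__":
    for bucket, targets in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
```

Anything left in `pending_reboot` is the reason to confirm the reboot happened before trusting the later scans; `absent` entries were gone before the fix ran.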
Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
Posted: Tue Dec 27, 2011 9:32 am Post subject:

Malwarebytes
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122702
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
27.12.2011 16:33:47
mbam-log-2011-12-27 (16-33-47).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 212807
Laufzeit: 6 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\heroes of might and magic\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
|
Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
|
Posted: Tue Dec 27, 2011 9:34 am Post subject: |
|
|
ESET
taller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2fde3eac17db1d418a28876276cf5df2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-27 05:23:28
# local_time=2011-12-27 06:23:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 56 428520 162524221 0 0
# compatibility_mode=8192 67108863 100 0 3770 3770 0 0
# scanned=234906
# found=0
# cleaned=0
# scan_time=6292
|
Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
|
Posted: Tue Dec 27, 2011 9:42 am Post subject: |
|
|
Thanks a lot for your help. Search results are working fine now.
|
Gary R Moderator
Joined: 03 May 2005 Last Visit: 17 May 2013 Posts: 9695 Location: Yorkshire
|
Posted: Tue Dec 27, 2011 2:43 pm Post subject: |
|
|
Looks like we got everything, time for a little tidying up.
Let's clear out OTL and the files and folders it created.
- Double click OTL.exe to launch the programme.
- Click on the CleanUp! button.
- OTL will download a list from the Internet. If your firewall or other defensive programmes alert you, allow it access.
- You will be prompted to allow the clean up procedure, click Yes.
- When finished, exit out of OTL.
- Now delete OTL.exe (if still present).
Malwarebytes' Anti-Malware is Freeware, so you can keep or remove it as you wish. Personally I think it's one of the better Anti-Spyware scanners around at the moment. However, if you wish to remove it, use Control Panel > Programs > Uninstall a program.
As far as I can see, your computer looks clear of infection now.
Are you still noticing any problems?
- If you are, let me know about them.
- If not, it's time to make your computer more secure.
Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
If your computer is running slowly after your clean up, please read.
_________________ Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
|
Luke1410 Newbie
Joined: 25 Dec 2011 Last Visit: 30 Dec 2011 Posts: 6
|
Posted: Thu Dec 29, 2011 3:56 am Post subject: |
|
|
Thanks once again for your help. Best regards, Stefan
|
Gary R Moderator

|
Posted: Thu Dec 29, 2011 5:17 am Post subject: |
|
|
You're welcome, glad we could help.
| Quote: |
This topic is now closed.
If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.
If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations
Gary R |