1. ## Viruses and Me

I'm pretty new to forums, and certainly new to requesting help via forums so hopefully I'm not too much trouble ^_^.

I ran Spybot and got W3i.IQ5.fraud detected. The fixing failed.

This system was used by four college kids for a while so it has picked up a number of viruses and probably a rootkit or two over the years which have been for the most part kept in check with amateur fixes of various types...many virus removal tools and most likely some registry checks/editors have been run by my cousin at some point in the past.

Now I'm the only person who will be using it and I would love to finally clean this without missing some underlying problem.

I noticed that the DDS log shows AVG enabled and updated...I'm almost positive that was removed, or was intended to be removed to make room for Malwarebytes. I'm not even sure if those do the same things but that's what I remember. I can't visually see AVG anywhere except for a broken shortcut in a desktop folder.

Two things to note perhaps...there's a shortcut labeled iExplorere.exe that has a weird picture and prompts me before it will open (I did not open it), and about two weeks ago my internet stopped working via ethernet cable (cable not detected)...that one's probably hardware but I read somewhere this W3i thing could mess with hardware.

THANK YOU FOR YOUR TIME I KNOW THIS ISN'T EASY, and hopefully I didn't miss anything/drone on about things that don't matter.

Here's the short Spybot log.

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()

W3i.IQ5.fraud: [SBI $5ADC6E84] Program directory (Directory, fixing failed) C:\Windows\System32\AI_RecycleBin\

...and here's the not so short DDS log.
Sorry about those two links there...not sure why there's links in a log but I'm pretty sure at least the sushi one is malicious. Not sure what I should do.

2. Please read Before You Post

While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR

AVG is an Antivirus program, Malwarebytes is an Anti Malware, you can keep them both. Does AVG run at all?

Don't fool around with any registry cleaners, if the wrong entries are removed it can make your system unbootable.

Open Malwarebytes, go to the update tab and update it, then the scan tab and run the quick scan and post the log please

OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

3. No, AVG does not run at all from what I can tell.
Can't find any trace of it anywhere except at the beginning of that LOP check section of the OTL log. I did find "AVG_remover_stf_x86_2012_1796" in start search along with its run log.

--------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
richard :: BILL [administrator]

Protection: Enabled

5/31/2012 12:44:25 AM
mbam-log-2012-05-31 (00-44-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217656
Time elapsed: 1 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------------------------------
plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: RadioPI Installer Plugin Stub (Enabled) = C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll CHR - 
plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Gmail = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/02/21 14:47:27 | 000,440,055 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost 
O1 - Hosts: 15133 more lines... O2 - BHO: (no name) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - No CLSID value found. O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {C53FE659-316A-4F56-A194-A5BE491BE866} - No CLSID value found. 
O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll () O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RSListener] C:\Program Files\RegServe\RSListener.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [FileCleaner-Pro] C:\Program Files\File Cleaner Pro\FileCleaner-Pro.exe (WebMinds Inc) O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O9 - Extra Button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nEjB59C7U File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE248EC-1200-4260-8370-2CDBD9A93DA7}: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6ECEB31-BFA1-4A56-9BC3-565EBBE2677A}: DhcpNameServer = 192.168.0.1 205.171.2.25 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell - "" = AutoRun O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/05/31 00:29:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe [2012/05/28 13:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/28 13:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012/05/23 04:27:52 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\LolClient2 [2012/05/22 21:26:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III [2012/05/14 02:18:43 | 000,000,000 | ---D | C] -- C:\Users\richard\Diablo-III-8370-enUS-Installer 
[2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ONScripter-En [2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Moonshine [2012/05/11 02:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moonshine [2012/05/11 02:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Moonshine [2012/05/04 03:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/31 00:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/31 00:28:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe [2012/05/30 23:55:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/05/30 23:18:59 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/30 23:18:59 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/30 16:46:23 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2012/05/30 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/29 19:28:15 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2012/05/28 13:57:17 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/22 21:56:02 | 000,003,563 | ---- | M] () -- C:\Users\richard\Desktop\Attach.zip [2012/05/22 21:24:31 | 000,000,714 | ---- | M] () -- C:\Users\richard\Desktop\ERUNT.lnk [2012/05/22 17:24:46 | 000,639,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/22 17:24:46 | 000,118,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/22 17:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/22 17:18:19 
| 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys [2012/05/22 16:59:45 | 000,001,356 | ---- | M] () -- C:\Users\richard\AppData\Local\d3d9caps.dat [2012/05/14 16:12:47 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012/05/05 03:36:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/05/05 03:36:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/28 13:57:17 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/22 21:56:02 | 000,003,563 | ---- | C] () -- C:\Users\richard\Desktop\Attach.zip [2012/05/22 21:24:31 | 000,000,714 | ---- | C] () -- C:\Users\richard\Desktop\ERUNT.lnk [2012/05/22 17:18:19 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys [2012/05/14 15:51:59 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012/04/18 10:54:30 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012/01/01 02:49:02 | 000,002,309 | ---- | C] () -- C:\Windows\wininit.ini [2011/12/21 12:12:58 | 000,005,632 | ---- | C] () -- C:\Users\richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/10/27 01:55:45 | 000,100,320 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011/01/17 00:22:06 | 000,011,776 | ---- | C] () -- C:\Windows\System32\RSDefrag.exe [2011/01/10 21:08:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2011/05/13 03:21:06 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\AVG10 [2010/11/09 02:46:47 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\BitZipper [2011/01/31 20:55:21 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\EurekaLog [2011/12/21 12:13:58 | 000,000,000 | ---D | M] -- 
C:\Users\richard\AppData\Roaming\LimeWire [2011/05/07 15:19:25 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\LolClient [2012/05/23 04:27:52 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\LolClient2 [2012/04/06 19:54:32 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Mumble [2011/12/21 12:11:08 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\MusicNet [2012/01/01 08:11:10 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Octoshape [2012/01/01 23:36:27 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Origin [2012/03/16 07:48:47 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\RenPy [2012/01/01 08:30:23 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\RIFT [2009/11/12 22:13:40 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\SystemRequirementsLab [2012/04/11 01:39:59 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\TS3Client [2009/03/14 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Unity [2011/10/18 08:24:16 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\wargaming.net [2010/11/09 02:47:17 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\WeatherBug [2008/10/01 20:47:32 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job [2012/05/22 16:44:34 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB14701$] -> Error: Cannot create file handle -> Unknown point type < End of report > 4. 
OTL Extras logfile created on: 5/31/2012 12:47:13 AM - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\richard\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.50 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 69.43% Memory free 7.22 Gb Paging File | 6.07 Gb Available in Paging File | 84.05% Paging File free Paging file location(s): Reg Error: Value error. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465.76 Gb Total Space | 149.30 Gb Free Space | 32.05% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: BILL | User Name: richard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile  -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile  -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{129047F0-65A3-4542-B3D1-D08358DABC46}" = rport=138 | protocol=17 | dir=out | app=system | "{46325486-4C79-4B92-B5A3-9671E325CF0E}" = rport=139 | protocol=6 | dir=out | app=system | "{51DA498E-F129-423F-AB86-87567ECDAF71}" = lport=139 | protocol=6 | dir=in | app=system | "{6149145F-F3E5-4A73-9700-DF2CED6B44AC}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{6D62BDE0-015D-4565-8ACB-6ACF542692FB}" = lport=445 | protocol=6 | dir=in | app=system | "{8C8531AB-8274-4F26-80DE-0B7D222D8C9B}" = rport=137 | protocol=17 | dir=out | app=system | "{8DC9C3AA-0F2A-4BF4-BB87-3FA44DDDB480}" = rport=445 | protocol=6 | dir=out | app=system | "{98B9AF27-02A6-4EA7-A872-7BE85E265451}" = lport=137 | protocol=17 | dir=in | app=system | "{9DC461B9-0EB3-4D4C-9A67-9303A004738A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A74A2B2A-6DBE-40AC-9522-865DEE24787A}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader: 6112 | "{B7964D78-BCCC-4328-9936-30ED155A9F2E}" = lport=138 | protocol=17 | dir=in | app=system | "{ED1B5868-03C4-4A46-8F1A-D8B25F9DB73E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01A85AAC-0708-43B0-9D92-35F55B0FD7D9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{01FBCB8A-F4CF-4D38-BA81-62D577EFE127}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{03B793EE-64C1-4CAD-B290-05022AAA3319}" = protocol=6 | dir=in | 
app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | "{04110C6F-DBF2-4F55-9869-D7A17097E867}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{048EE002-2ECD-4765-8D31-2E8D1AFA54F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | "{074FBA8C-0D47-4BF7-848D-BB96AD4E1A63}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{08E4DAC1-55CA-4CC5-9CC5-A82A1F086CC2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe | "{0D15721C-0748-41C5-9DDE-3C3B3FB0DBED}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{102D3171-ED31-4210-98B9-58AC5AF188B3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{10AA92A2-84D4-4E6A-9F20-D1F93752219A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-enus-downloader.exe | "{111587BA-F7BF-405A-9544-5822B625CC05}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{12CE5B83-C79D-4636-AA49-C89FFA577FC8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{130EDF7A-F98F-4922-A652-C0D9C706E0EF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{14444D68-70D4-4992-B419-3EF1E94DBE4E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe | "{15ECFBFA-3521-4F7F-B36B-4BC05D130009}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe | "{175C51DB-AD25-49D4-B1F5-EFDA900A12A3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard 
User{A7A71E76-34F6-4DC1-AFD2-15542FF72DC0}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe | "UDP Query User{AAF31584-12C6-470C-B57F-D9F025429D38}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{AC5B1C19-6B0F-4074-A33A-DAE0BC752E85}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | "UDP Query User{ACD9B877-FC2D-4138-BD5A-73DAB90814DF}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe | "UDP Query User{B6845C59-1789-410D-8B5A-CF5B514FCDF9}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "UDP Query User{BA001718-1C4D-465F-A316-A83435A622A9}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{BE94AF44-B93C-4ECA-B7E5-8D7E6DD306BA}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{BECF81BA-4DF8-4C2E-818D-8CCCAB29D5FD}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{BF66F723-2D0A-476D-9BCC-715162659AC3}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of 
warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe | "UDP Query User{C2648667-9171-407A-9912-100B2689D4CB}C:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe | "UDP Query User{C3B00B90-BC34-4DF4-B00B-F27A8E1A3CB0}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe | "UDP Query User{C90F70A3-75FE-4D49-9561-74AE45AF39B4}C:\users\richard\downloads\ptr-installer-en_us(2).exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\ptr-installer-en_us(2).exe | "UDP Query User{D17AEC0C-1D73-4FD8-B168-CE6978A5737F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{D2DE9292-5AB9-48B4-A2B8-8EF06CD2C908}C:\program files\world of warcraft public test\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe | "UDP Query User{D603F158-E10F-4242-A53F-2C12D41EF785}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe | "UDP Query User{E0A7665C-0B00-4101-B2E3-9034C7A5EF72}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe | "UDP Query User{E51376B1-840B-4DB1-A983-5A9C5CC31AD1}C:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe | "UDP Query User{EBCF5AC8-3D6B-4328-BF24-4E3AC6988CEC}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "UDP 
Query User{EBE0E2D5-8DC0-4745-8635-76EF487BB8A8}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | "UDP Query User{F19654AD-DDBF-4AAC-8964-7B4A7A65A2DF}E:\world of warcraft public test\blizzard downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft public test\blizzard downloader.exe | "UDP Query User{F5ED05E3-4088-4286-A837-222D6568A982}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{F936FB9D-662C-418F-B87F-4C2886B5207E}C:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4 "{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher 
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3 "{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft 
Visual C++ 2005 Redistributable "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer 
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2 "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "BitZipper_is1" = BitZipper 2010 "Diablo III" = Diablo III "Diablo III Beta" = Diablo III Beta "ERUNT_is1" = ERUNT 1.1j "File Cleaner Pro_is1" = File Cleaner Pro v.4.0.3 "Google Chrome" = Google Chrome "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "Katawa Shoujo" = Katawa Shoujo "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Moonshine" = Moonshine 1.0E "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "RegServe" = RegServe "Steam App 10680" = Aliens vs Predator "Steam App 440" = Team Fortress 2 "Steam App 550" = Left 4 Dead 2 "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "The Unzip Wizard" = The Unzip Wizard "Vista Anti-Lag" = Vista Anti-Lag 1.1.1 "VLC media player" = VideoLAN VLC media player 0.8.6f "Windows Live Toolbar" = Windows Live Toolbar "World of Warcraft Public Test" = World of Warcraft Public Test "Xippit" = Xippit 7.1 5. 
========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2011 12:49:31 AM | Computer Name = Bill | Source = Windows Search Service | ID = 3028
Description =
Error - 5/4/2011 12:49:33 AM | Computer Name = Bill | Source = Windows Search Service | ID = 3058
Description =
Error - 5/4/2011 12:49:56 AM | Computer Name = Bill | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =
Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1010
Description =
Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =
Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =
Error - 5/4/2011 12:51:55 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =
Error - 5/4/2011 12:51:56 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =
Error - 5/4/2011 12:51:58 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =

[ System Events ]
Error - 5/22/2012 6:47:59 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
Description =
Error - 5/22/2012 6:47:59 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
Description =
Error - 5/22/2012 6:47:59 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
Description =
Error - 5/22/2012 6:48:00 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
Description =
Error - 5/22/2012 7:18:34 PM | Computer Name = Bill | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
Error - 5/22/2012 7:19:58 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7023
Description =
Error - 5/22/2012 7:19:58 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7003
Description =
Error - 5/22/2012 7:19:58 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7003
Description =
Error - 5/29/2012 3:39:26 AM | Computer Name = Bill | Source = Service Control Manager | ID = 7009
Description =
Error - 5/29/2012 3:39:26 AM | Computer Name = Bill | Source = Service Control Manager | ID = 7000
Description =

< End of report >

6.

Hi,

Let's do this and then I will give you a link to the AVG removal tool, there are a lot of leftover entries for it along with dogpile and a few others that are trackware and not recommended.

AVG Remover
http://www.avg.com/us-en/download-tools
http://download.avg.com/filedir/util..._2011_1322.exe

Also, you need to install Antivirus software, this is a free one from Microsoft, download and install it unless you have plans on purchasing one on your own
http://windows.microsoft.com/en-GB/w...ity-essentials

Open OTL.exe
• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
```
:processes
killallprocesses
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.dogpile.com/
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={489EA029-A600-4B1B-8194-1C4F0609F588}&mid=13496ef7b34347d1b142d15b5169efac-595041a2fc7a28adbb1649a0d937d056c8ab4d7e&lang=us&ds=AVG&pr=fr&d=2011-12-12 03:26:57&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm002YYus&ptb=CF5D092C-BC69-465F-AD4C-3AE7B4321CF4&ind=2011080121&ptnrS=Y9xdm002YYus&si=radiopi&n=77dea5b9&psa=&st=sb&searchfor={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
[2011/12/12 04:27:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O2 - BHO: (no name) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {C53FE659-316A-4F56-A194-A5BE491BE866} - No CLSID value found.
O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
```
• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces.
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

7.

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4 not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files\Search Toolbar\SearchToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C53FE659-316A-4F56-A194-A5BE491BE866} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53FE659-316A-4F56-A194-A5BE491BE866}\ not found.
Registry value HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\richard\Desktop\cmd.bat deleted successfully.
C:\Users\richard\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: richard
->Temp folder emptied: 311632 bytes
->Temporary Internet Files folder emptied: 2584980 bytes
->Java cache emptied: 61185 bytes
->Google Chrome cache emptied: 441542096 bytes
->Flash cache emptied: 343 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1143319164 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,514.00 mb

OTL by OldTimer - Version 3.2.44.0 log created on 05312012_134429

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

--------------------------------------------------------------------------

OTL logfile created on: 5/31/2012 1:51:53 PM - Run 3
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\richard\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 66.47% Memory free
7.18 Gb Paging File | 5.98 Gb Available in Paging File | 83.38% Paging File free
Paging file location(s): Reg Error: Value error.
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 102.66 Gb Free Space | 22.04% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BILL | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\richard\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\RegServe\RSListener.exe ()
PRC - C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Program Files\RegServe\RSListener.exe ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Win32 Services (SafeList) ==========

SRV - (DAUpdaterSvc) -- c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (GEST Service) -- C:\Program Files\GIGABYTE\GEST\GSvr.exe ()

========== Driver Services (SafeList) ==========

DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (DBKDRVR54) -- C:\Program Files\Cheat Engine\dbk32.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
DRV - (ET5Drv) -- C:\Windows\System32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (UsbFltr) -- C:\Windows\System32\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys (Microsoft Corporation)
DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Logic Corporation) DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys (Microsoft Corporation) DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation) DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation) DRV - (Compbatt) -- C:\Windows\System32\drivers\compbatt.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation) DRV - (intelide) -- C:\Windows\System32\drivers\intelide.sys (Microsoft Corporation) DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.) 
DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys (Microsoft Corporation) DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation) DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation) DRV - (ohci1394) -- C:\Windows\System32\drivers\ohci1394.sys (Microsoft Corporation) DRV - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation) DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation) DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys (Microsoft Corporation) DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation) DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation) DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys (Microsoft Corporation) DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation) DRV - (IPMIDRV) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation) DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation) DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation) DRV - (AmdK8) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation) DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation) DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation) DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms} IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: 
"URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms} IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll (RadioPI) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions [2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2012/04/01 22:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/02/23 17:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: 
Shockwave Flash (Disabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: RadioPI Installer Plugin Stub (Enabled) = C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: 
Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Gmail = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/05/31 13:44:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RSListener] C:\Program Files\RegServe\RSListener.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O9 - Extra Button: Go PlaySushi! 
- {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nEjB59C7U File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE248EC-1200-4260-8370-2CDBD9A93DA7}: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6ECEB31-BFA1-4A56-9BC3-565EBBE2677A}: DhcpNameServer = 192.168.0.1 205.171.2.25 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell - "" = AutoRun O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/05/31 13:44:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012/05/31 06:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 [2012/05/31 06:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012/05/31 06:36:45 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\Users\richard\Desktop\avg_remover_stf_x86_2011_1322 (1).exe [2012/05/31 06:33:07 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\AVG [2012/05/31 06:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/05/31 06:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/05/31 06:10:17 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012/05/31 00:29:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe [2012/05/28 13:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/28 13:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012/05/23 04:27:52 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\LolClient2 [2012/05/22 21:26:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III [2012/05/14 02:18:43 | 000,000,000 | ---D | C] -- C:\Users\richard\Diablo-III-8370-enUS-Installer [2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ONScripter-En [2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Moonshine [2012/05/11 02:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moonshine [2012/05/11 02:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Moonshine [2012/05/04 03:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload ========== Files - Modified Within 30 Days ========== [2012/05/31 13:53:21 | 000,642,004 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/31 13:53:21 | 000,119,156 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2012/05/31 13:46:47 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/31 13:46:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/31 13:46:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/31 13:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/31 13:46:30 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys [2012/05/31 13:44:31 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012/05/31 13:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/31 12:55:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/05/31 06:56:13 | 000,000,959 | ---- | M] () -- C:\Users\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2012/05/31 06:36:38 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Users\richard\Desktop\avg_remover_stf_x86_2011_1322 (1).exe [2012/05/31 06:01:39 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2012/05/31 00:28:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe [2012/05/29 19:28:15 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2012/05/28 13:57:17 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/22 21:56:02 | 000,003,563 | ---- | M] () -- C:\Users\richard\Desktop\Attach.zip [2012/05/22 21:24:31 | 000,000,714 | ---- | M] () -- C:\Users\richard\Desktop\ERUNT.lnk [2012/05/22 16:59:45 | 000,001,356 | ---- | M] () -- C:\Users\richard\AppData\Local\d3d9caps.dat [2012/05/14 16:12:47 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012/05/05 03:36:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/05/05 03:36:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/05/31 06:56:13 | 000,000,959 | ---- | C] () -- C:\Users\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2012/05/31 06:11:59 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/05/28 13:57:17 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/22 21:56:02 | 000,003,563 | ---- | C] () -- C:\Users\richard\Desktop\Attach.zip [2012/05/22 21:24:31 | 000,000,714 | ---- | C] () -- C:\Users\richard\Desktop\ERUNT.lnk [2012/05/22 17:18:19 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys [2012/05/14 15:51:59 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012/04/18 10:54:30 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- 
C:\Windows\System32\nvStreaming.exe [2012/01/01 02:49:02 | 000,002,309 | ---- | C] () -- C:\Windows\wininit.ini [2011/12/21 12:12:58 | 000,005,632 | ---- | C] () -- C:\Users\richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/10/27 01:55:45 | 000,100,320 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011/01/17 00:22:06 | 000,011,776 | ---- | C] () -- C:\Windows\System32\RSDefrag.exe [2011/01/10 21:08:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB14701\$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

8. I still see a couple of entries for AVG; did you run the removal tool?

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
2. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Make sure that the option "Remove found threats" is Unchecked
9. Push the Start button.
scanning your computer. Please be patient as this can take some time.
11. When the scan completes, push
12. Push , and save the file to your desktop using a unique name, such as
13. Push the button.
14. Push
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

9. Yes, I ran the removal tool, but I took these two links provided in the opposite order, so maybe it was just the PC tune up stuff that was left? I ran it again to be sure.

AVG Remover

-----------------------------------------------------------------------------
I'm not entirely sure how to disable security essentials. My first guess was security center but "the security center service cannot be started".

SecEss detected a few Java exploits after I downloaded it. I updated Java but haven't done anything to the detections.

10. Never mind, ^_^ found a checkbox for "real time protection"

