
Thread: Viruses and Me

  1. #1
    Junior Member
    Join Date
    May 2012
    Posts
    20

    Viruses and Me

    I'm pretty new to forums, and certainly new to requesting help via forums so hopefully I'm not too much trouble ^_^.

    I ran Spybot and got W3i.IQ5.fraud detected. The fixing failed.

    This system was used by four college kids for a while so it has picked up a number of viruses and probably a rootkit or two over the years which have been for the most part kept in check with amateur fixes of various types...many virus removal tools and most likely some registry checks/editors have been run by my cousin at some point in the past.

    Now I'm the only person who will be using it and I would love to finally clean this without missing some underlying problem.

    I noticed that the DDS log shows AVG enabled and updated...I'm almost positive that was removed, or was intended to be removed to make room for Malwarebytes. I'm not even sure if those do the same things but that's what I remember. I can't visually see AVG anywhere except for a broken shortcut in a desktop folder.

    Two things to note perhaps...there's a shortcut labeled iExplorere.exe that has a weird picture and prompts me before it will open (I did not open it), and about two weeks ago my internet stopped working via ethernet cable (cable not detected)...that one's probably hardware but I read somewhere this W3i thing could mess with hardware.

    THANK YOU FOR YOUR TIME I KNOW THIS ISN'T EASY, and hopefully I didn't miss anything/drone on about things that don't matter.

    Here's the short Spybot log.


    --- Search result list ---
    Hint of the Day: Click the bar at the right of this to see more information! ()


    W3i.IQ5.fraud: [SBI $5ADC6E84] Program directory (Directory, fixing failed)
    C:\Windows\System32\AI_RecycleBin\


    ...and here's the not so short DDS log


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by richard at 21:47:55 on 2012-05-22
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3582.2277 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\RegServe\RSListener.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\File Cleaner Pro\FileCleaner-Pro.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - No File
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: {C53FE659-316A-4F56-A194-A5BE491BE866} - No File
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [FileCleaner-Pro] c:\program files\file cleaner pro\FileCleaner-Pro.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [RSListener] c:\program files\regserve\RSListener.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nEjB59C7U
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
    TCP: Interfaces\{2AE248EC-1200-4260-8370-2CDBD9A93DA7} : DhcpNameServer = 192.168.0.1 205.171.2.25
    TCP: Interfaces\{C6ECEB31-BFA1-4A56-9BC3-565EBBE2677A} : DhcpNameServer = 192.168.0.1 205.171.2.25
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-28 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-1 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-20 2348352]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-1 22344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-10 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe --> c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
    S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-9-27 47624]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-10 136176]
    S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-05-14 21:51:59 -------- d-----w- c:\program files\Diablo III
    2012-05-14 08:18:43 -------- d-----w- c:\users\richard\Diablo-III-8370-enUS-Installer
    2012-05-11 09:02:10 -------- d-----w- c:\programdata\ONScripter-En
    2012-05-11 09:02:10 -------- d-----w- c:\programdata\Moonshine
    2012-05-11 08:58:43 -------- d-----w- c:\program files\Moonshine
    2012-05-04 09:13:45 -------- d-----w- c:\program files\1ClickDownload
    2012-04-26 09:26:57 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-26 09:26:57 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-26 09:26:57 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-26 09:26:57 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-26 09:20:05 -------- d-sh--w- c:\windows\system32\%APPDATA%
    .
    ==================== Find3M ====================
    .
    2012-05-05 09:36:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-05 09:36:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-21 02:22:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 21:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-29 23:59:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-29 23:59:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-29 23:59:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-29 23:59:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-29 23:59:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-29 23:59:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-29 23:59:00 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-29 23:59:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-29 23:59:00 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-29 23:59:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-29 19:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 21:48:16.05 ===============

    Sorry about those two links there...not sure why there are links in a log but I'm pretty sure at least the sushi one is malicious. Not sure what I should do.
    Last edited by tashi; 2012-05-23 at 07:39. Reason: Merged posts. Links in logs are normal but I went ahead and disabled :-)

  2. #2
    Security Expert ken545
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,812

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR



    AVG is an antivirus program, Malwarebytes is an anti-malware program; you can keep them both. Does AVG run at all?

    Don't fool around with any registry cleaners; if the wrong entries are removed it can make your system unbootable.


    Open Malwarebytes, go to the update tab and update it, then go to the scan tab, run the quick scan and post the log please.


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    May 2012
    Posts
    20

    No, AVG does not run at all from what I can tell. Can't find any trace of it anywhere except at the beginning of that LOP check section of the OTL log. I did find "AVG_remover_stf_x86_2012_1796" in start search along with its run log.

    --------------------------------------------------------------------------
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.31.01

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    richard :: BILL [administrator]

    Protection: Enabled

    5/31/2012 12:44:25 AM
    mbam-log-2012-05-31 (00-44-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217656
    Time elapsed: 1 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    --------------------------------------------------------------------------


    OTL logfile created on: 5/31/2012 12:47:13 AM - Run 1
    OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\richard\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 69.43% Memory free
    7.22 Gb Paging File | 6.07 Gb Available in Paging File | 84.05% Paging File free
    Paging file location(s): Reg Error: Value error.

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 149.30 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: BILL | User Name: richard | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\richard\Desktop\OTL (1).exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\RegServe\RSListener.exe ()
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Vista Anti-Lag\val.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
    MOD - C:\Program Files\RegServe\RSListener.exe ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Vista Anti-Lag\val.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (DAUpdaterSvc) -- c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe File not found
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
    SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
    SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
    SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
    SRV - (GEST Service) -- C:\Program Files\GIGABYTE\GEST\GSvr.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (mbr) -- C:\Users\richard\AppData\Local\Temp\mbr.sys File not found
    DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
    DRV - (DBKDRVR54) -- C:\Program Files\Cheat Engine\dbk32.sys File not found
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
    DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
    DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
    DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
    DRV - (ET5Drv) -- C:\Windows\System32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider)
    DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (UsbFltr) -- C:\Windows\System32\drivers\UsbFltr.sys (Waytech Development, Inc.)
    DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
    DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
    DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys (Microsoft Corporation)
    DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys (Microsoft Corporation)
    DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
    DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
    DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
    DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys (Microsoft Corporation)
    DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
    DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
    DRV - (Compbatt) -- C:\Windows\System32\drivers\compbatt.sys (Microsoft Corporation)
    DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
    DRV - (intelide) -- C:\Windows\System32\drivers\intelide.sys (Microsoft Corporation)
    DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys (Microsoft Corporation)
    DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
    DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
    DRV - (ohci1394) -- C:\Windows\System32\drivers\ohci1394.sys (Microsoft Corporation)
    DRV - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
    DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
    DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys (Microsoft Corporation)
    DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
    DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
    DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys (Microsoft Corporation)
    DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation)
    DRV - (IPMIDRV) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
    DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
    DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
    DRV - (AmdK8) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation)
    DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
    DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
    DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys (Microsoft Corporation)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm002YYus&ptb=CF5D092C-BC69-465F-AD4C-3AE7B4321CF4&ind=2011080121&ptnrS=Y9xdm002YYus&si=radiopi&n=77dea5b9&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.dogpile.com/
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm002YYus&ptb=CF5D092C-BC69-465F-AD4C-3AE7B4321CF4&ind=2011080121&ptnrS=Y9xdm002YYus&si=radiopi&n=77dea5b9&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={489EA029-A600-4B1B-8194-1C4F0609F588}&mid=13496ef7b34347d1b142d15b5169efac-595041a2fc7a28adbb1649a0d937d056c8ab4d7e&lang=us&ds=AVG&pr=fr&d=2011-12-12 03:26:57&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll (RadioPI)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

    [2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions
    [2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2012/04/01 22:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/23 17:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/12 04:27:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: RadioPI Installer Plugin Stub (Enabled) = C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Click to Call = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: Gmail = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/02/21 14:47:27 | 000,440,055 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 15133 more lines...
    O2 - BHO: (no name) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {C53FE659-316A-4F56-A194-A5BE491BE866} - No CLSID value found.
    O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RSListener] C:\Program Files\RegServe\RSListener.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [FileCleaner-Pro] C:\Program Files\File Cleaner Pro\FileCleaner-Pro.exe (WebMinds Inc)
    O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O9 - Extra Button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nEjB59C7U File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE248EC-1200-4260-8370-2CDBD9A93DA7}: DhcpNameServer = 192.168.0.1 205.171.2.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6ECEB31-BFA1-4A56-9BC3-565EBBE2677A}: DhcpNameServer = 192.168.0.1 205.171.2.25
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/31 00:29:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe
    [2012/05/28 13:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/05/28 13:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/05/23 04:27:52 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\LolClient2
    [2012/05/22 21:26:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    [2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III
    [2012/05/14 02:18:43 | 000,000,000 | ---D | C] -- C:\Users\richard\Diablo-III-8370-enUS-Installer
    [2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ONScripter-En
    [2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Moonshine
    [2012/05/11 02:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moonshine
    [2012/05/11 02:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Moonshine
    [2012/05/04 03:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
    [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/31 00:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/31 00:28:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe
    [2012/05/30 23:55:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/30 23:18:59 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/30 23:18:59 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/30 16:46:23 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2012/05/30 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/29 19:28:15 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
    [2012/05/28 13:57:17 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/05/22 21:56:02 | 000,003,563 | ---- | M] () -- C:\Users\richard\Desktop\Attach.zip
    [2012/05/22 21:24:31 | 000,000,714 | ---- | M] () -- C:\Users\richard\Desktop\ERUNT.lnk
    [2012/05/22 17:24:46 | 000,639,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/05/22 17:24:46 | 000,118,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/05/22 17:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/22 17:18:19 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/22 16:59:45 | 000,001,356 | ---- | M] () -- C:\Users\richard\AppData\Local\d3d9caps.dat
    [2012/05/14 16:12:47 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012/05/05 03:36:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/05/05 03:36:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/05/28 13:57:17 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/05/22 21:56:02 | 000,003,563 | ---- | C] () -- C:\Users\richard\Desktop\Attach.zip
    [2012/05/22 21:24:31 | 000,000,714 | ---- | C] () -- C:\Users\richard\Desktop\ERUNT.lnk
    [2012/05/22 17:18:19 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys
    [2012/05/14 15:51:59 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012/04/18 10:54:30 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012/01/01 02:49:02 | 000,002,309 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/12/21 12:12:58 | 000,005,632 | ---- | C] () -- C:\Users\richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/27 01:55:45 | 000,100,320 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2011/01/17 00:22:06 | 000,011,776 | ---- | C] () -- C:\Windows\System32\RSDefrag.exe
    [2011/01/10 21:08:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== LOP Check ==========

    [2011/05/13 03:21:06 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\AVG10
    [2010/11/09 02:46:47 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\BitZipper
    [2011/01/31 20:55:21 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\EurekaLog
    [2011/12/21 12:13:58 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\LimeWire
    [2011/05/07 15:19:25 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\LolClient
    [2012/05/23 04:27:52 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\LolClient2
    [2012/04/06 19:54:32 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Mumble
    [2011/12/21 12:11:08 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\MusicNet
    [2012/01/01 08:11:10 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Octoshape
    [2012/01/01 23:36:27 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Origin
    [2012/03/16 07:48:47 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\RenPy
    [2012/01/01 08:30:23 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\RIFT
    [2009/11/12 22:13:40 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\SystemRequirementsLab
    [2012/04/11 01:39:59 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\TS3Client
    [2009/03/14 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Unity
    [2011/10/18 08:24:16 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\wargaming.net
    [2010/11/09 02:47:17 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\WeatherBug
    [2008/10/01 20:47:32 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
    [2012/05/22 16:44:34 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB14701$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >

  4. #4
    Junior Member
    Join Date
    May 2012
    Posts
    20

    OTL Extras logfile created on: 5/31/2012 12:47:13 AM - Run 1
    OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\richard\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 69.43% Memory free
    7.22 Gb Paging File | 6.07 Gb Available in Paging File | 84.05% Paging File free
    Paging file location(s): Reg Error: Value error.

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 149.30 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: BILL | User Name: richard | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{129047F0-65A3-4542-B3D1-D08358DABC46}" = rport=138 | protocol=17 | dir=out | app=system |
    "{46325486-4C79-4B92-B5A3-9671E325CF0E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{51DA498E-F129-423F-AB86-87567ECDAF71}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6149145F-F3E5-4A73-9700-DF2CED6B44AC}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
    "{6D62BDE0-015D-4565-8ACB-6ACF542692FB}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8C8531AB-8274-4F26-80DE-0B7D222D8C9B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{8DC9C3AA-0F2A-4BF4-BB87-3FA44DDDB480}" = rport=445 | protocol=6 | dir=out | app=system |
    "{98B9AF27-02A6-4EA7-A872-7BE85E265451}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9DC461B9-0EB3-4D4C-9A67-9303A004738A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A74A2B2A-6DBE-40AC-9522-865DEE24787A}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader: 6112 |
    "{B7964D78-BCCC-4328-9936-30ED155A9F2E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{ED1B5868-03C4-4A46-8F1A-D8B25F9DB73E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01A85AAC-0708-43B0-9D92-35F55B0FD7D9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{01FBCB8A-F4CF-4D38-BA81-62D577EFE127}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{03B793EE-64C1-4CAD-B290-05022AAA3319}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
    "{04110C6F-DBF2-4F55-9869-D7A17097E867}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{048EE002-2ECD-4765-8D31-2E8D1AFA54F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
    "{074FBA8C-0D47-4BF7-848D-BB96AD4E1A63}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{08E4DAC1-55CA-4CC5-9CC5-A82A1F086CC2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
    "{0D15721C-0748-41C5-9DDE-3C3B3FB0DBED}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{102D3171-ED31-4210-98B9-58AC5AF188B3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{10AA92A2-84D4-4E6A-9F20-D1F93752219A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-enus-downloader.exe |
    "{111587BA-F7BF-405A-9544-5822B625CC05}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{12CE5B83-C79D-4636-AA49-C89FFA577FC8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{130EDF7A-F98F-4922-A652-C0D9C706E0EF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{14444D68-70D4-4992-B419-3EF1E94DBE4E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
    "{15ECFBFA-3521-4F7F-B36B-4BC05D130009}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe |
    "{175C51DB-AD25-49D4-B1F5-EFDA900A12A3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-enus-downloader.exe |
    "{18E3ECE8-89F1-4D38-89D7-57E452A47E93}" = protocol=6 | dir=in | app=c:\program files\dogpile toolbar\troubleshooter.exe |
    "{1B0842D7-9E27-4958-9FC5-4D9333D0AA6C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
    "{1BD78863-1FB0-4F8B-B518-2EE40E2C0013}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{1E67325F-045E-43E5-88AB-C7C94E1113E7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{1EA3C00C-932A-4EA7-A4DE-C2DDC82CF998}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{1F3C9FCC-A0FA-48DE-85EE-112DD31E4B0F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{21A6D3AE-0D6A-4620-A982-EDA3DDF53D62}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
    "{255CA6C0-6AE0-4641-B771-128B33566D2A}" = protocol=17 | dir=in | app=c:\program files\dogpile toolbar\toolbarupdate.exe |
    "{2652A87E-C143-44AB-8E13-5ED402440EAB}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{268A101D-B2F5-45E6-827A-3CA242EF4BF9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
    "{270D21E6-92CE-4617-834B-3ABC20084451}" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.patch.exe |
    "{289BB8E8-9DBA-4430-9FAD-8384CFC06B32}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
    "{290F91DA-7389-405B-9E0E-F509239B0711}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
    "{2B12159A-C15C-4D81-8442-158DEF899E45}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-enus-ptr-downloader.exe |
    "{2B97A230-6242-4274-831F-8516A6795998}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{2BF1AC15-7B9A-465E-8462-CF08E2ECF562}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{2C7B69CB-844F-4887-904D-43821787CFBD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
    "{309D2B98-7CC4-4953-B58A-4C1E3C40CF5C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{30BB10B0-64EE-4E1F-9059-C2305ACF291A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
    "{3219AFB6-9CEF-4DCF-84B3-21415164E107}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{33A6614E-0A1F-4AFC-8F3D-7E85489F1859}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-enus-downloader.exe |
    "{34CFB46B-BA9F-409D-B704-9B8C56907843}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{3A9AC9C7-118C-401A-8511-C3BFB33117B7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{3B5DFD94-D5E9-49FC-B9FB-11935BC888D5}" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.patch.exe |
    "{3B6CF03F-5929-439F-9A76-DB3FB820D7AE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10357-to-0.2.2.10371-enus-ptr-downloader.exe |
    "{3D2EBF2E-340A-4664-85E1-77A2D0A5DC82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{3DDA37E8-64D4-412B-A3DF-8348ACB95E79}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-enus-downloader.exe |
    "{40809F92-E686-4B6F-B0A6-3740C7970CB1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{4360EA86-C047-4A1F-AACE-0D10C9A78F96}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{45A1C234-F75F-4203-9FDF-897D45BABABA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{45D785BC-0AC4-4B69-8AF5-20CC6A2741C7}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{46AF020C-05E5-4A6C-BC32-3F1611C7BA3B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
    "{4B0B91A2-DFCA-4A49-A2EC-1AB159099FA6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{4CF3A253-D1C6-44DB-9134-1569B2356944}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{4D34BE7D-61C6-4E14-8719-7E3C9DE1C555}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
    "{4FA75AF9-DA6A-432E-B90E-DFB9748A072E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{4FF400D8-198D-44D1-A2E3-BA70C4BF8BED}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{505F7841-B300-455A-80A9-32423751B4AB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{50E80CE7-B642-46C8-92FA-DA13D28A5635}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-enus-downloader.exe |
    "{551A032E-3713-4F68-AC1C-E101CCED4679}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
    "{551CD340-98AE-420E-B820-626FAF38703D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-enus-downloader.exe |
    "{56FFF819-2D62-469F-96B2-683C0AE1C8BC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{591F4490-818A-4D0A-BC3E-55B7009AA25B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{5E58F6C4-5E9C-4484-B799-C1D82A23811F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{60ACE5FD-0671-44F3-A99A-5D07C1ABB070}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10433-to-0.2.2.10468-enus-ptr-downloader.exe |
    "{6475AD64-C59C-408F-BA2F-C5644A9ECE54}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
    "{66AB1082-DABA-4794-8CE2-ED93C486E705}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
    "{6805A50B-E126-42D6-B1FF-6715D671E05E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{6AD2F3DB-B625-4202-B901-6C277EB2D4B3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
    "{6AE99EF6-19B4-4075-AD7A-0CDDD08846F3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-enus-downloader.exe |
    "{6C9D5E83-3F95-4C90-8C9D-0CEFF2252BF6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
    "{6CE5AFD3-B1E1-4560-B11B-F1B05A680090}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{6DF6873B-5558-46B2-B6EA-66573F467C86}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{6E50C3E1-0B29-4C9F-9291-E2133A848E3D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{6E660239-7C88-4D90-A930-2057507D03EF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
    "{6E973155-5410-4412-8F06-C62C3A439432}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
    "{7825E7C6-9A5B-4E0E-862F-761B2332771C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
    "{7BF99AD6-3AAC-4ABB-9EDE-259EC9600B1F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{7C71D58C-01A1-40FE-B2D2-9FB14166FFAE}" = protocol=6 | dir=in | app=c:\program files\dogpile toolbar\toolbarupdate.exe |
    "{7CDF3919-BD6E-4CCB-A21F-CA42695C6833}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-enus-downloader.exe |
    "{868C724A-63E8-4BF6-AE52-C63CCBA35E69}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{88FEF702-2979-493C-A16B-76509CEC9A9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{89E98773-CDB4-4CE7-B473-C249323E5105}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{8D6574AD-9266-477C-B9CF-F26FC5525AE9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{8D6793A4-C697-4954-A0F9-F76D1BFA7E8E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
    "{8FB8A25C-B9A3-4C52-ABC4-1BD9824EC3CF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
    "{90723E2F-56DD-4293-A06B-A511AC3D4CD7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe |
    "{94C77DF5-BC73-422A-B06E-EE2B776D461D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-enus-downloader.exe |
    "{965470C3-1646-4E9A-936E-8B21CD33741B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{9753DD48-C02D-48CA-9B90-20E5A39C1B09}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
    "{97C2B38A-68B9-4D73-8121-9269564BAE2D}" = protocol=17 | dir=in | app=c:\program files\dogpile toolbar\troubleshooter.exe |
    "{97EA33B9-F27B-41BB-80B6-70405604665A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{98A30F60-AFCD-477B-B769-79F69268AE4A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{9A22A4E7-3F06-46F3-BFE4-6EF650A32729}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
    "{A1F13F54-1010-4797-B64E-593AC4845B34}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
    "{A59E5848-16AE-4010-B119-27DADF2A002C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-enus-downloader.exe |
    "{A5F80F71-0016-4BE3-9BE6-70ADAA19EBC8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-enus-downloader.exe |
    "{A842B4C3-494D-4E9B-92FE-683E853D870C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-enus-downloader.exe |
    "{A8AB56DD-77C5-4C35-88A6-520BFC14D6D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{A9CEF112-EFC7-4B17-B137-739526A5FC95}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10392-to-0.2.2.10433-enus-ptr-downloader.exe |
    "{AA6C8133-DB2C-408D-9BCC-5BB1721DF106}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
    "{ABB0C38A-30C4-411F-83C8-26251520FF02}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
    "{ADBEB06F-0279-42B6-8434-5EBB50836C16}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10371-to-0.2.2.10392-enus-ptr-downloader.exe |
    "{AE31E958-08C8-40F1-A00B-CB29DED15DB3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10392-to-0.2.2.10433-enus-ptr-downloader.exe |
    "{AF583A28-FD6A-4F65-9856-DB697142A8BF}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
    "{B04BB4D6-A3A8-4911-A4D3-E6AB1180732D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10179-to-0.2.0.10192-enus-downloader.exe |
    "{B1524640-A117-4108-A179-2EA1D566C836}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10433-to-0.2.2.10468-enus-ptr-downloader.exe |
    "{B328BB98-412F-420F-B4B5-87E9FE553BFA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10357-to-0.2.2.10371-enus-ptr-downloader.exe |
    "{B3B9321C-2BB6-4A65-9D8C-E864F09968DB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
    "{B9FA3C2B-F66C-4295-BF26-D06C769DA289}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{BCA5506E-2645-4960-86E0-213AA3FCC11A}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{BED3CD03-223B-4B16-A3B1-861009AC20DD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
    "{C551DA88-A3C7-4609-94D2-E556494B921E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CB86B4D0-6E87-45EA-AECB-D515DA8DB249}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-enus-downloader.exe |
    "{CDAFED9D-5971-4D52-B185-BE58110A3901}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
    "{D197A340-D247-48C2-8DB7-36268345E113}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{D3FE1508-60EC-4BCE-AA5B-D4DC3468D2C8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{D746DBD6-723A-44E2-B4D2-6C0D1371A190}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
    "{D75E6BBD-3EDB-4F0A-8602-DD0E5D7E7477}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{DB699EDA-1EFB-40F0-AE48-598B0930379A}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{DD855CAB-F25A-45A8-8B13-9D495FE3FFEB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
    "{DEAD55E2-4865-4DD9-9A8E-984DEEFA43A8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
    "{E557D94A-C342-4468-8D12-AA8C35EF511D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E7050F9C-2E18-4F70-8AB7-8D6E1DD2FBAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
    "{E94CAA9E-03E1-4584-B561-C9BDE2D3FB56}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{EFB29D85-B83B-450E-8636-A25B4BDF867B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{F1C13C2A-382E-401E-B4E1-C17174364D53}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10179-to-0.2.0.10192-enus-downloader.exe |
    "{F32ABA4D-974A-4D70-93E6-DBCCAEEDBF9E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{F4EAD67B-4D70-41BB-9E84-1B55C0383009}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-enus-ptr-downloader.exe |
    "{FAE7AE62-1FA7-41A8-84F6-2DCD91A5E648}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10371-to-0.2.2.10392-enus-ptr-downloader.exe |
    "{FD1C6C9D-FE5C-47C8-B579-2DE9BDC82DDB}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{FDC89089-DF59-48D7-8196-7D9081F24367}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-enus-downloader.exe |
    "TCP Query User{009BBC87-7522-4F8E-88C5-4340484DD343}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{02B6D46F-EAE8-409E-9D63-B705C7A20B2D}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
    "TCP Query User{035DCA46-1906-432E-A11E-73905FA28BFF}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
    "TCP Query User{03E3DE6D-3D0D-4088-91E6-C8D527BCD187}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{048D29D7-7D99-47B1-8FC9-726A0844B689}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
    "TCP Query User{0870B23B-ACDB-4DE0-8969-50DEA4D162F1}C:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe |
    "TCP Query User{09169BD3-3B9C-42FE-83C4-2F61ABA75ED1}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
    "TCP Query User{0E6C0BB4-B2D4-4DC7-BEA9-C49209B02B16}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "TCP Query User{0F7E8198-F86E-442D-A42B-4C839D27DBB5}C:\users\richard\desktop\world of warcraft public test\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\launcher.patch.exe |
    "TCP Query User{1362C5A7-24D8-4488-BC75-C64AA03B1CCA}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
    "TCP Query User{1514D36D-EA88-41DA-8A32-AC06C8D8A272}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{18B42327-9FA6-410F-8BD7-763A8E40F340}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe |
    "TCP Query User{1932AE47-140D-43EB-8F0C-7C7CAA1141B4}C:\world of warcraft public test\temp\wow-4.0.1.2131-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\temp\wow-4.0.1.2131-enus-ptr-tools-downloader.exe |
    "TCP Query User{1963B85A-5E93-4960-91E2-B3E76345749B}C:\users\richard\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
    "TCP Query User{26167E64-E2E6-44A0-9346-33D3697EF557}C:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
    "TCP Query User{2CDA4E80-B16F-4A36-BC04-295BBD89AE6F}C:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "TCP Query User{2D4DFBA1-66C0-435B-ADDC-9F7531CCA697}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{310CC811-9E87-43C1-B9E0-5BEF03C93C2D}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
    "TCP Query User{33D5494E-DEFE-4A5F-B0DF-F3E5FC33F715}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
    "TCP Query User{36634C55-E2A5-4E19-89BE-3309F6243769}C:\program files\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe |
    "TCP Query User{3A294DAB-B553-4B1D-93AC-C25D509DAE7D}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
    "TCP Query User{3F8E4723-6552-4A68-B15C-DAA88E8DC13A}C:\users\richard\downloads\curseclient.exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\curseclient.exe |
    "TCP Query User{47A5D64C-635A-4774-891B-B77297CA1E1E}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
    "TCP Query User{4B15D65B-441E-492F-995D-8696DADDFD42}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe |
    "TCP Query User{4CF9ADF9-E346-45AF-AF0D-4AABEB06C935}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
    "TCP Query User{514E0C9C-6031-4AC0-8044-B3C656A41C22}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
    "TCP Query User{51E7E566-3C4C-4184-885C-4DF30ACE2FE0}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{5525AF59-2BCA-4AAB-906E-E72E92D891B4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "TCP Query User{60EAF469-A392-44B7-A3CD-FCCD1FEED6E8}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
    "TCP Query User{64D536FF-E4B3-455E-B947-E5D2952605AA}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
    "TCP Query User{68EA163B-9825-4A8E-B082-AED0FFBA4EAB}C:\users\richard\desktop\world of warcraft public test\temp\wow-4.0.1.2121-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\temp\wow-4.0.1.2121-enus-ptr-tools-downloader.exe |
    "TCP Query User{694A24B0-6DD1-4341-9B8E-200BA2457CB5}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
    "TCP Query User{723DA0D0-DA31-4D42-8B5B-572F9B064BB8}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
    "TCP Query User{753EB020-C38F-4AC0-AEC3-878704E066F1}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe |
    "TCP Query User{7573DB07-800C-47B4-8D32-11BB50F50947}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
    "TCP Query User{7D2EC220-893B-4940-9D58-6A30E6B2935A}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
    "TCP Query User{7EFE3986-52F2-499D-AFE4-6A611625897B}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
    "TCP Query User{83D87E87-DE45-4FEC-927F-6C46722BD8E0}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
    "TCP Query User{8845BCDB-392C-494B-9636-5D63C3434990}C:\users\richard\appdata\local\temp\blizzard launcher temporary - 52a827c0\launcher.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\local\temp\blizzard launcher temporary - 52a827c0\launcher.exe |
    "TCP Query User{8C54264C-4440-4389-8917-7282388B31AE}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
    "TCP Query User{978FE80C-156C-4F57-9A24-E7A8ED659346}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
    "TCP Query User{9C365E8E-65DD-4B35-8951-36E3F12E56E1}C:\users\richard\downloads\ptr-installer-en_us(2).exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\ptr-installer-en_us(2).exe |
    "TCP Query User{9CFBF0EC-4254-4BE4-B75A-161712CE2B4F}C:\users\richard\downloads\wotlk-intro_en_us-downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wotlk-intro_en_us-downloader.exe |
    "TCP Query User{9DAC9088-808B-4542-8A33-2AB2BC0BA248}C:\program files\world of warcraft public test\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
    "TCP Query User{A7A958CC-586C-4464-8A50-EF44269A10AB}E:\world of warcraft public test\blizzard downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft public test\blizzard downloader.exe |
    "TCP Query User{AB11D7FA-461B-40E0-AB86-DE72A83FED91}E:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=e:\world of warcraft public test\launcher.exe |
    "TCP Query User{B4130A4E-3B22-4E91-B4AB-418AD51C57FD}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
    "TCP Query User{B4A7D8A2-D9E6-4B1D-92D1-B7D515AD4E1A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{B8307208-EE71-4DD5-82B9-116355413BE1}C:\users\richard\downloads\wotlk-intro_en_us-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wotlk-intro_en_us-downloader(2).exe |
    "TCP Query User{BD3DFB7F-BFE0-489F-A1E7-0E492E53F5CA}C:\users\richard\desktop\keyclone.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\keyclone.exe |
    "TCP Query User{C5975A98-72D6-4628-9CBD-B966BCE02A48}C:\users\richard\desktop\world of warcraft public test\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\blizzard downloader.exe |
    "TCP Query User{CD683B05-FBF5-49F2-BF59-826C8F4AD6B5}C:\users\richard\desktop\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\launcher.exe |
    "TCP Query User{CF8A917C-F087-4266-BFEA-6045FDB2E0DE}C:\program files\steam\steamapps\smg24\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\smg24\team fortress 2\hl2.exe |
    "TCP Query User{DB1BF7DB-433B-4475-9BE9-F08F3D6A7E0E}C:\users\richard\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\locallow\dyyno receiver\dppm.exe |
    "TCP Query User{DE8A5FFA-2C05-4483-98C4-A29FD9782A87}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{DF99459C-EF4A-4D0B-990B-5D694116CC01}C:\program files\steam\steamapps\smg24\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\smg24\day of defeat source\hl2.exe |
    "TCP Query User{E02EE622-0975-4F61-A4EC-B6EC0CEAAF57}C:\program files\gigabyte\gest\run.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\gest\run.exe |
    "TCP Query User{EF3EB359-54EB-4117-8DAF-CD106B9EC908}C:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe |
    "TCP Query User{EFC8BDA3-D6F1-4C5C-8F85-3C7653CCD09D}C:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.exe |
    "TCP Query User{F42087AD-7335-4068-B17E-86DECA04E92B}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
    "TCP Query User{F44E9546-F7F8-46C2-8F2A-52C8774D668B}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
    "TCP Query User{F62FF5FA-7316-4E85-980B-73E6F811AE1C}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
    "TCP Query User{F89884D0-2D23-4CCB-8FD0-E88CE4C91376}C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe |
    "TCP Query User{FB4E9E29-8885-4E0E-B340-75B2058E1418}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
    "TCP Query User{FCE57FC2-4462-4399-AEE9-0324EE13D94D}C:\program files\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
    "TCP Query User{FD444346-408F-47FF-931C-DD4D6A496448}C:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.exe |
    "UDP Query User{03273838-4B1D-4DE2-8C94-6B7C89ED05DD}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
    "UDP Query User{06569B77-ACE1-4C2C-88B9-F3D5E41A3E00}C:\program files\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
    "UDP Query User{0D61F23C-0CF6-4F8F-8524-6E51F0A7DBA3}C:\program files\gigabyte\gest\run.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\gest\run.exe |
    "UDP Query User{0D841E03-D362-4D34-8DAC-9C9DFE2181DA}C:\users\richard\downloads\wotlk-intro_en_us-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wotlk-intro_en_us-downloader(2).exe |
    "UDP Query User{167FC9F7-93B7-496C-8337-D42E694A325E}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
    "UDP Query User{17E9BA15-EDD3-48E6-BA91-FC92BCE3CFA5}C:\users\richard\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\locallow\dyyno receiver\dppm.exe |
    "UDP Query User{224E28E4-B34B-46F3-A67B-800F0454DB80}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
    "UDP Query User{246EBF2B-2F65-4CCE-9A3B-626566E6A1FF}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe |
    "UDP Query User{2E6CFF86-5782-402A-8FA4-4CDAF1D0F58C}C:\users\richard\downloads\wotlk-intro_en_us-downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wotlk-intro_en_us-downloader.exe |
    "UDP Query User{31549126-DE8B-4968-A435-CC1F3533F4DF}C:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe |
    "UDP Query User{315E72EB-F52A-4D1A-BCF1-5AB5C1B3DC9D}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
    "UDP Query User{322B093C-9C0B-402B-B139-54D315EBCD06}C:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.exe |
    "UDP Query User{38FE104C-1C40-4E44-B054-7AC2452E831D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{3B6A912A-6177-4F11-B4FB-F3D032C5D5F4}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe |
    "UDP Query User{3D05E7CA-2FD7-4C06-A9B4-20214303E2D1}C:\users\richard\desktop\keyclone.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\keyclone.exe |
    "UDP Query User{3D932B79-C991-43D3-A1E1-E67FDBB51378}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
    "UDP Query User{49AF349D-B17E-41F1-B8BB-BE5FCA52B8A4}C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe |
    "UDP Query User{4C7C1C5A-BF5D-411F-8789-C03E80207763}C:\users\richard\appdata\local\temp\blizzard launcher temporary - 52a827c0\launcher.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\temp\blizzard launcher temporary - 52a827c0\launcher.exe |
    "UDP Query User{4DDB0ECE-7508-4F42-A2E0-D65DA4C326B8}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
    "UDP Query User{4FC3947E-3ABB-43EE-B8BE-F0921B39852B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{6493B7FC-AF5F-44D3-B468-C06260420CF5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
    "UDP Query User{6651CFFC-ECD3-4DCE-9FCC-864D111754F0}C:\program files\steam\steamapps\smg24\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\smg24\team fortress 2\hl2.exe |
    "UDP Query User{68DBA035-EE16-4909-AEA4-C082AEAD0FF2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{69A6CA33-F3AF-4FE3-BB0A-1D4074F26C4A}C:\users\richard\desktop\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\launcher.exe |
    "UDP Query User{6B035017-88AC-46A7-9B82-A51214E8DE46}C:\users\richard\desktop\world of warcraft public test\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\launcher.patch.exe |
    "UDP Query User{6B237776-B215-47BC-8A5B-C31AF9F92E0D}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
    "UDP Query User{6DFDBB76-3F00-4DFC-8D22-FAD543116521}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
    "UDP Query User{719504E3-6AA8-4972-B61B-A5710BBBD92E}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
    "UDP Query User{763795CD-DC22-45A5-AAAB-31129A40EB28}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
    "UDP Query User{7864FF63-B1A2-423C-A7D4-C7B3C6D25264}C:\program files\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe |
    "UDP Query User{7B7EA8AB-5B5C-4186-82EA-A3A019F1C442}C:\users\richard\desktop\world of warcraft public test\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\blizzard downloader.exe |
    "UDP Query User{7EF0DD44-9BA9-4B63-8293-AB4FF212CB3E}C:\world of warcraft public test\temp\wow-4.0.1.2131-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\temp\wow-4.0.1.2131-enus-ptr-tools-downloader.exe |
    "UDP Query User{80EF87A7-BA60-4A7B-A403-DCED8DEDCE1B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{84C746B8-90CF-4845-B824-9CCD113A62E6}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
    "UDP Query User{8C4974CA-2771-4598-991E-52DE8E0836E0}C:\users\richard\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
    "UDP Query User{8D121294-FA52-4212-8C35-9D4B0FB25DAD}C:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.exe |
    "UDP Query User{8EF39EC6-F49B-4EE7-AF86-3137CAB931D5}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
    "UDP Query User{930D44FD-932E-4BFB-BBDC-821227893BF9}C:\users\richard\desktop\world of warcraft public test\temp\wow-4.0.1.2121-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\temp\wow-4.0.1.2121-enus-ptr-tools-downloader.exe |
    "UDP Query User{9313FE1C-B275-49E7-BF3A-14725694D29F}C:\program files\steam\steamapps\smg24\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\smg24\day of defeat source\hl2.exe |
    "UDP Query User{95CFE0D4-C4BD-4459-8798-ABBAFD52FEDB}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe |
    "UDP Query User{9C3D4250-0031-4A83-A6A1-266F08DAF004}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
    "UDP Query User{A01786EF-3E05-486D-8A9D-9A4EE6DDFAD9}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
    "UDP Query User{A3953C60-6D16-4EFD-954D-CA7687D91E7E}E:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=e:\world of warcraft public test\launcher.exe |
    "UDP Query User{A48449DC-BDC3-4E09-971A-00D4FA9C7D40}C:\users\richard\downloads\curseclient.exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\curseclient.exe |
    "UDP Query User{A7A71E76-34F6-4DC1-AFD2-15542FF72DC0}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
    "UDP Query User{AAF31584-12C6-470C-B57F-D9F025429D38}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{AC5B1C19-6B0F-4074-A33A-DAE0BC752E85}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
    "UDP Query User{ACD9B877-FC2D-4138-BD5A-73DAB90814DF}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
    "UDP Query User{B6845C59-1789-410D-8B5A-CF5B514FCDF9}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
    "UDP Query User{BA001718-1C4D-465F-A316-A83435A622A9}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
    "UDP Query User{BE94AF44-B93C-4ECA-B7E5-8D7E6DD306BA}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{BECF81BA-4DF8-4C2E-818D-8CCCAB29D5FD}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
    "UDP Query User{BF66F723-2D0A-476D-9BCC-715162659AC3}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
    "UDP Query User{C2648667-9171-407A-9912-100B2689D4CB}C:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
    "UDP Query User{C3B00B90-BC34-4DF4-B00B-F27A8E1A3CB0}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
    "UDP Query User{C90F70A3-75FE-4D49-9561-74AE45AF39B4}C:\users\richard\downloads\ptr-installer-en_us(2).exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\ptr-installer-en_us(2).exe |
    "UDP Query User{D17AEC0C-1D73-4FD8-B168-CE6978A5737F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{D2DE9292-5AB9-48B4-A2B8-8EF06CD2C908}C:\program files\world of warcraft public test\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
    "UDP Query User{D603F158-E10F-4242-A53F-2C12D41EF785}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
    "UDP Query User{E0A7665C-0B00-4101-B2E3-9034C7A5EF72}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
    "UDP Query User{E51376B1-840B-4DB1-A983-5A9C5CC31AD1}C:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe |
    "UDP Query User{EBCF5AC8-3D6B-4328-BF24-4E3AC6988CEC}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "UDP Query User{EBE0E2D5-8DC0-4745-8635-76EF487BB8A8}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
    "UDP Query User{F19654AD-DDBF-4AAC-8964-7B4A7A65A2DF}E:\world of warcraft public test\blizzard downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft public test\blizzard downloader.exe |
    "UDP Query User{F5ED05E3-4088-4286-A837-222D6568A982}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{F936FB9D-662C-418F-B87F-4C2886B5207E}C:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
    "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
    "{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher
    "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
    "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
    "{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
    "{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "BitZipper_is1" = BitZipper 2010
    "Diablo III" = Diablo III
    "Diablo III Beta" = Diablo III Beta
    "ERUNT_is1" = ERUNT 1.1j
    "File Cleaner Pro_is1" = File Cleaner Pro v.4.0.3
    "Google Chrome" = Google Chrome
    "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "Katawa Shoujo" = Katawa Shoujo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Moonshine" = Moonshine 1.0E
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Origin" = Origin
    "RegServe" = RegServe
    "Steam App 10680" = Aliens vs Predator
    "Steam App 440" = Team Fortress 2
    "Steam App 550" = Left 4 Dead 2
    "SystemRequirementsLab" = System Requirements Lab
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "The Unzip Wizard" = The Unzip Wizard
    "Vista Anti-Lag" = Vista Anti-Lag 1.1.1
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Windows Live Toolbar" = Windows Live Toolbar
    "World of Warcraft Public Test" = World of Warcraft Public Test
    "Xippit" = Xippit 7.1

  5. #5
    Junior Member
    Join Date
    May 2012
    Posts
    20

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/4/2011 12:49:31 AM | Computer Name = Bill | Source = Windows Search Service | ID = 3028
    Description =

    Error - 5/4/2011 12:49:33 AM | Computer Name = Bill | Source = Windows Search Service | ID = 3058
    Description =

    Error - 5/4/2011 12:49:56 AM | Computer Name = Bill | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1008
    Description =

    Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1010
    Description =

    Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1008
    Description =

    Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1008
    Description =

    Error - 5/4/2011 12:51:55 AM | Computer Name = Bill | Source = Perflib | ID = 1008
    Description =

    Error - 5/4/2011 12:51:56 AM | Computer Name = Bill | Source = Perflib | ID = 1008
    Description =

    Error - 5/4/2011 12:51:58 AM | Computer Name = Bill | Source = Perflib | ID = 1008
    Description =

    [ System Events ]
    Error - 5/22/2012 6:47:59 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
    Description =

    Error - 5/22/2012 6:47:59 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
    Description =

    Error - 5/22/2012 6:47:59 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
    Description =

    Error - 5/22/2012 6:48:00 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
    Description =

    Error - 5/22/2012 7:18:34 PM | Computer Name = Bill | Source = Microsoft-Windows-ResourcePublication | ID = 1002
    Description =

    Error - 5/22/2012 7:19:58 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7023
    Description =

    Error - 5/22/2012 7:19:58 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7003
    Description =

    Error - 5/22/2012 7:19:58 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7003
    Description =

    Error - 5/29/2012 3:39:26 AM | Computer Name = Bill | Source = Service Control Manager | ID = 7009
    Description =

    Error - 5/29/2012 3:39:26 AM | Computer Name = Bill | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

  6. #6
    Security Expert ken545
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,812

    Hi,

    Let's do this, and then I will give you a link to the AVG removal tool. There are a lot of leftover entries for it, along with Dogpile and a few others that are trackware and not recommended.


    AVG Remover
    http://www.avg.com/us-en/download-tools
    http://download.avg.com/filedir/util..._2011_1322.exe


    Also, you need to install antivirus software. This is a free one from Microsoft; download and install it unless you plan on purchasing one on your own.

    http://windows.microsoft.com/en-GB/w...ity-essentials



    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      
      :OTL
      IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
      IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?
      IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
      IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
      IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.dogpile.com/
      IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={489EA029-A600-4B1B-8194-1C4F0609F588}&mid=13496ef7b34347d1b142d15b5169efac-595041a2fc7a28adbb1649a0d937d056c8ab4d7e&lang=us&ds=AVG&pr=fr&d=2011-12-12 03:26:57&v=9.0.0.18&sap=dsp&q={searchTerms}
      IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm002YYus&ptb=CF5D092C-BC69-465F-AD4C-3AE7B4321CF4&ind=2011080121&ptnrS=Y9xdm002YYus&si=radiopi&n=77dea5b9&psa=&st=sb&searchfor={searchTerms}
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
      [2011/12/12 04:27:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
      O2 - BHO: (no name) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - No CLSID value found.
      O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
      O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
      O3 - HKLM\..\Toolbar: (no name) - {C53FE659-316A-4F56-A194-A5BE491BE866} - No CLSID value found.
      O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <-- Not Run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    May 2012
    Posts
    20

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
    Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4 not found.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
    C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    C:\Program Files\Search Toolbar\SearchToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C53FE659-316A-4F56-A194-A5BE491BE866} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53FE659-316A-4F56-A194-A5BE491BE866}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\richard\Desktop\cmd.bat deleted successfully.
    C:\Users\richard\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: richard
    ->Temp folder emptied: 311632 bytes
    ->Temporary Internet Files folder emptied: 2584980 bytes
    ->Java cache emptied: 61185 bytes
    ->Google Chrome cache emptied: 441542096 bytes
    ->Flash cache emptied: 343 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56468 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1143319164 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 782 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,514.00 mb


    OTL by OldTimer - Version 3.2.44.0 log created on 05312012_134429

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    --------------------------------------------------------------------------


    OTL logfile created on: 5/31/2012 1:51:53 PM - Run 3
    OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\richard\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 66.47% Memory free
    7.18 Gb Paging File | 5.98 Gb Available in Paging File | 83.38% Paging File free
    Paging file location(s): Reg Error: Value error.

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 102.66 Gb Free Space | 22.04% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: BILL | User Name: richard | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\richard\Desktop\OTL (1).exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\RegServe\RSListener.exe ()
    PRC - C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\libglesv2.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\libegl.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
    MOD - C:\Program Files\RegServe\RSListener.exe ()
    MOD - C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
    MOD - C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
    MOD - C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (DAUpdaterSvc) -- c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe File not found
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
    SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
    SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
    SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
    SRV - (GEST Service) -- C:\Program Files\GIGABYTE\GEST\GSvr.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
    DRV - (DBKDRVR54) -- C:\Program Files\Cheat Engine\dbk32.sys File not found
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
    DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
    DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
    DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
    DRV - (ET5Drv) -- C:\Windows\System32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider)
    DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (UsbFltr) -- C:\Windows\System32\drivers\UsbFltr.sys (Waytech Development, Inc.)
    DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
    DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
    DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys (Microsoft Corporation)
    DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys (Microsoft Corporation)
    DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
    DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
    DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
    DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys (Microsoft Corporation)
    DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
    DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
    DRV - (Compbatt) -- C:\Windows\System32\drivers\compbatt.sys (Microsoft Corporation)
    DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
    DRV - (intelide) -- C:\Windows\System32\drivers\intelide.sys (Microsoft Corporation)
    DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys (Microsoft Corporation)
    DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
    DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
    DRV - (ohci1394) -- C:\Windows\System32\drivers\ohci1394.sys (Microsoft Corporation)
    DRV - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
    DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
    DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys (Microsoft Corporation)
    DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
    DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
    DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys (Microsoft Corporation)
    DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation)
    DRV - (IPMIDRV) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
    DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
    DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
    DRV - (AmdK8) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation)
    DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
    DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
    DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys (Microsoft Corporation)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll (RadioPI)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

    [2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions
    [2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2012/04/01 22:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/23 17:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: RadioPI Installer Plugin Stub (Enabled) = C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Click to Call = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: Gmail = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/05/31 13:44:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RSListener] C:\Program Files\RegServe\RSListener.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O9 - Extra Button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nEjB59C7U File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE248EC-1200-4260-8370-2CDBD9A93DA7}: DhcpNameServer = 192.168.0.1 205.171.2.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6ECEB31-BFA1-4A56-9BC3-565EBBE2677A}: DhcpNameServer = 192.168.0.1 205.171.2.25
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/31 13:44:29 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/05/31 06:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
    [2012/05/31 06:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/05/31 06:36:45 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\richard\Desktop\avg_remover_stf_x86_2011_1322 (1).exe
    [2012/05/31 06:33:07 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\AVG
    [2012/05/31 06:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/05/31 06:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/05/31 06:10:17 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2012/05/31 00:29:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe
    [2012/05/28 13:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/05/28 13:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/05/23 04:27:52 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\LolClient2
    [2012/05/22 21:26:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    [2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III
    [2012/05/14 02:18:43 | 000,000,000 | ---D | C] -- C:\Users\richard\Diablo-III-8370-enUS-Installer
    [2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ONScripter-En
    [2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Moonshine
    [2012/05/11 02:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moonshine
    [2012/05/11 02:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Moonshine
    [2012/05/04 03:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload

    ========== Files - Modified Within 30 Days ==========

    [2012/05/31 13:53:21 | 000,642,004 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/05/31 13:53:21 | 000,119,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/05/31 13:46:47 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/31 13:46:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/31 13:46:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/31 13:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/31 13:46:30 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/31 13:44:31 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2012/05/31 13:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/31 12:55:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/31 06:56:13 | 000,000,959 | ---- | M] () -- C:\Users\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
    [2012/05/31 06:36:38 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\richard\Desktop\avg_remover_stf_x86_2011_1322 (1).exe
    [2012/05/31 06:01:39 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2012/05/31 00:28:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe
    [2012/05/29 19:28:15 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
    [2012/05/28 13:57:17 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/05/22 21:56:02 | 000,003,563 | ---- | M] () -- C:\Users\richard\Desktop\Attach.zip
    [2012/05/22 21:24:31 | 000,000,714 | ---- | M] () -- C:\Users\richard\Desktop\ERUNT.lnk
    [2012/05/22 16:59:45 | 000,001,356 | ---- | M] () -- C:\Users\richard\AppData\Local\d3d9caps.dat
    [2012/05/14 16:12:47 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012/05/05 03:36:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/05/05 03:36:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2012/05/31 06:56:13 | 000,000,959 | ---- | C] () -- C:\Users\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
    [2012/05/31 06:11:59 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/05/28 13:57:17 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/05/22 21:56:02 | 000,003,563 | ---- | C] () -- C:\Users\richard\Desktop\Attach.zip
    [2012/05/22 21:24:31 | 000,000,714 | ---- | C] () -- C:\Users\richard\Desktop\ERUNT.lnk
    [2012/05/22 17:18:19 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys
    [2012/05/14 15:51:59 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
    [2012/04/18 10:54:30 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012/01/01 02:49:02 | 000,002,309 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/12/21 12:12:58 | 000,005,632 | ---- | C] () -- C:\Users\richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/27 01:55:45 | 000,100,320 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2011/01/17 00:22:06 | 000,011,776 | ---- | C] () -- C:\Windows\System32\RSDefrag.exe
    [2011/01/10 21:08:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB14701$] -> Error: Cannot create file handle -> Unknown point type

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >

  8. #8
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,812

    Default

    I still see a couple of entries for AVG. Did you run the removal tool?


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Junior Member
    Join Date
    May 2012
    Posts
    20

    Default

    Yes, I ran the removal tool, but I took these two links provided in the opposite order, so maybe it was just the PC tune up stuff that was left? I ran it again to be sure.

    AVG Remover
    http://www.avg.com/us-en/download-tools
    http://download.avg.com/filedir/util..._2011_1322.exe

    -----------------------------------------------------------------------------
    I'm not entirely sure how to disable Security Essentials. My first guess was Security Center, but "the security center service cannot be started".

    SecEss detected a few Java exploits after I downloaded it. I updated Java but haven't done anything to the detections.

  10. #10
    Junior Member
    Join Date
    May 2012
    Posts
    20

    Default

    Never mind, ^_^ found a checkbox for "real time protection"
