Viruses and Me



Skeebz
2012-05-23, 07:24
I'm pretty new to forums, and certainly new to requesting help via forums, so hopefully I'm not too much trouble ^_^.

I ran spybot and got W3i.IQ5.fraud detected. The fixing failed.

This system was used by four college kids for a while so it has picked up a number of viruses and probably a rootkit or two over the years which have been for the most part kept in check with amateur fixes of various types...many virus removal tools and most likely some registry checks/editors have been run by my cousin at some point in the past.

Now I'm the only person who will be using it and I would love to finally clean this without missing some underlying problem.

I noticed that the DDS log shows AVG enabled and updated...I'm almost positive that was removed, or was intended to be removed to make room for Malwarebytes. I'm not even sure if those do the same things but that's what I remember. I can't visually see AVG anywhere except for a broken shortcut in a desktop folder.

Two things to note perhaps...there's a shortcut labeled iExplorere.exe that has a weird picture and prompts me before it will open (I did not open it), and about two weeks ago my internet stopped working via ethernet cable (cable not detected)...that one's probably hardware but I read somewhere this W3i thing could mess with hardware.

THANK YOU FOR YOUR TIME, I KNOW THIS ISN'T EASY, and hopefully I didn't miss anything/drone on about things that don't matter.






Here's the short Spybot log.


--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


W3i.IQ5.fraud: [SBI $5ADC6E84] Program directory (Directory, fixing failed)
C:\Windows\System32\AI_RecycleBin\


...and here's the not so short DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by richard at 21:47:55 on 2012-05-22
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3582.2277 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\RegServe\RSListener.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\File Cleaner Pro\FileCleaner-Pro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {C53FE659-316A-4F56-A194-A5BE491BE866} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [FileCleaner-Pro] c:\program files\file cleaner pro\FileCleaner-Pro.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [RSListener] c:\program files\regserve\RSListener.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nEjB59C7U
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{2AE248EC-1200-4260-8370-2CDBD9A93DA7} : DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{C6ECEB31-BFA1-4A56-9BC3-565EBBE2677A} : DhcpNameServer = 192.168.0.1 205.171.2.25
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-28 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-1 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-20 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-1 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-10 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe --> c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-9-27 47624]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-10 136176]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-14 21:51:59 -------- d-----w- c:\program files\Diablo III
2012-05-14 08:18:43 -------- d-----w- c:\users\richard\Diablo-III-8370-enUS-Installer
2012-05-11 09:02:10 -------- d-----w- c:\programdata\ONScripter-En
2012-05-11 09:02:10 -------- d-----w- c:\programdata\Moonshine
2012-05-11 08:58:43 -------- d-----w- c:\program files\Moonshine
2012-05-04 09:13:45 -------- d-----w- c:\program files\1ClickDownload
2012-04-26 09:26:57 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-26 09:26:57 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-26 09:26:57 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-26 09:26:57 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-26 09:20:05 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
==================== Find3M ====================
.
2012-05-05 09:36:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 09:36:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 02:22:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 21:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 23:59:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:59:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:59:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:59:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59:00 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-29 23:59:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59:00 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 19:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:48:16.05 ===============

Sorry about those two links there...not sure why there are links in a log but I'm pretty sure at least the sushi one is malicious. Not sure what I should do.

ken545
2012-05-30, 10:25


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR.



AVG is an Antivirus program, Malwarebytes is an Anti Malware, you can keep them both. Does AVG run at all?

Don't fool around with any registry cleaners, if the wrong entries are removed it can make your system unbootable.


Open Malwarebytes, go to the update tab and update it, then the scan tab and run the quick scan and post the log please.


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Skeebz
2012-05-31, 09:34
No, AVG does not run at all from what I can tell. Can't find any trace of it anywhere except at the beginning of that LOP check section of the OTL log. I did find "AVG_remover_stf_x86_2012_1796" in start search along with its run log.

--------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
richard :: BILL [administrator]

Protection: Enabled

5/31/2012 12:44:25 AM
mbam-log-2012-05-31 (00-44-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217656
Time elapsed: 1 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------------------------------


OTL logfile created on: 5/31/2012 12:47:13 AM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\richard\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 69.43% Memory free
7.22 Gb Paging File | 6.07 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): Reg Error: Value error.

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 149.30 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BILL | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\richard\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\RegServe\RSListener.exe ()
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Vista Anti-Lag\val.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Program Files\RegServe\RSListener.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Vista Anti-Lag\val.exe ()


========== Win32 Services (SafeList) ==========

SRV - (DAUpdaterSvc) -- c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (GEST Service) -- C:\Program Files\GIGABYTE\GEST\GSvr.exe ()


========== Driver Services (SafeList) ==========

DRV - (mbr) -- C:\Users\richard\AppData\Local\Temp\mbr.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (DBKDRVR54) -- C:\Program Files\Cheat Engine\dbk32.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
DRV - (ET5Drv) -- C:\Windows\System32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (UsbFltr) -- C:\Windows\System32\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys (Microsoft Corporation)
DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys (Microsoft Corporation)
DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
DRV - (Compbatt) -- C:\Windows\System32\drivers\compbatt.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
DRV - (intelide) -- C:\Windows\System32\drivers\intelide.sys (Microsoft Corporation)
DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys (Microsoft Corporation)
DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
DRV - (ohci1394) -- C:\Windows\System32\drivers\ohci1394.sys (Microsoft Corporation)
DRV - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys (Microsoft Corporation)
DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys (Microsoft Corporation)
DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation)
DRV - (IPMIDRV) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
DRV - (AmdK8) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation)
DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm002YYus&ptb=CF5D092C-BC69-465F-AD4C-3AE7B4321CF4&ind=2011080121&ptnrS=Y9xdm002YYus&si=radiopi&n=77dea5b9&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.dogpile.com/
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm002YYus&ptb=CF5D092C-BC69-465F-AD4C-3AE7B4321CF4&ind=2011080121&ptnrS=Y9xdm002YYus&si=radiopi&n=77dea5b9&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={489EA029-A600-4B1B-8194-1C4F0609F588}&mid=13496ef7b34347d1b142d15b5169efac-595041a2fc7a28adbb1649a0d937d056c8ab4d7e&lang=us&ds=AVG&pr=fr&d=2011-12-12 03:26:57&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll (RadioPI)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

[2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions
[2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/04/01 22:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/23 17:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/12 04:27:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RadioPI Installer Plugin Stub (Enabled) = C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/21 14:47:27 | 000,440,055 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15133 more lines...
O2 - BHO: (no name) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {C53FE659-316A-4F56-A194-A5BE491BE866} - No CLSID value found.
O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RSListener] C:\Program Files\RegServe\RSListener.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [FileCleaner-Pro] C:\Program Files\File Cleaner Pro\FileCleaner-Pro.exe (WebMinds Inc)
O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nEjB59C7U File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE248EC-1200-4260-8370-2CDBD9A93DA7}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6ECEB31-BFA1-4A56-9BC3-565EBBE2677A}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell - "" = AutoRun
O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/31 00:29:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe
[2012/05/28 13:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/28 13:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/23 04:27:52 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\LolClient2
[2012/05/22 21:26:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III
[2012/05/14 02:18:43 | 000,000,000 | ---D | C] -- C:\Users\richard\Diablo-III-8370-enUS-Installer
[2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ONScripter-En
[2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Moonshine
[2012/05/11 02:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moonshine
[2012/05/11 02:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Moonshine
[2012/05/04 03:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/31 00:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/31 00:28:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe
[2012/05/30 23:55:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/30 23:18:59 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 23:18:59 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 16:46:23 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/05/30 10:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/29 19:28:15 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/05/28 13:57:17 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/22 21:56:02 | 000,003,563 | ---- | M] () -- C:\Users\richard\Desktop\Attach.zip
[2012/05/22 21:24:31 | 000,000,714 | ---- | M] () -- C:\Users\richard\Desktop\ERUNT.lnk
[2012/05/22 17:24:46 | 000,639,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/22 17:24:46 | 000,118,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/22 17:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/22 17:18:19 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/22 16:59:45 | 000,001,356 | ---- | M] () -- C:\Users\richard\AppData\Local\d3d9caps.dat
[2012/05/14 16:12:47 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/05 03:36:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/05 03:36:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/28 13:57:17 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/22 21:56:02 | 000,003,563 | ---- | C] () -- C:\Users\richard\Desktop\Attach.zip
[2012/05/22 21:24:31 | 000,000,714 | ---- | C] () -- C:\Users\richard\Desktop\ERUNT.lnk
[2012/05/22 17:18:19 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/14 15:51:59 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/04/18 10:54:30 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/01/01 02:49:02 | 000,002,309 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/21 12:12:58 | 000,005,632 | ---- | C] () -- C:\Users\richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/27 01:55:45 | 000,100,320 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/17 00:22:06 | 000,011,776 | ---- | C] () -- C:\Windows\System32\RSDefrag.exe
[2011/01/10 21:08:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2011/05/13 03:21:06 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\AVG10
[2010/11/09 02:46:47 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\BitZipper
[2011/01/31 20:55:21 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\EurekaLog
[2011/12/21 12:13:58 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\LimeWire
[2011/05/07 15:19:25 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\LolClient
[2012/05/23 04:27:52 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\LolClient2
[2012/04/06 19:54:32 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Mumble
[2011/12/21 12:11:08 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\MusicNet
[2012/01/01 08:11:10 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Octoshape
[2012/01/01 23:36:27 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Origin
[2012/03/16 07:48:47 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\RenPy
[2012/01/01 08:30:23 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\RIFT
[2009/11/12 22:13:40 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\SystemRequirementsLab
[2012/04/11 01:39:59 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\TS3Client
[2009/03/14 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\Unity
[2011/10/18 08:24:16 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\wargaming.net
[2010/11/09 02:47:17 | 000,000,000 | ---D | M] -- C:\Users\richard\AppData\Roaming\WeatherBug
[2008/10/01 20:47:32 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2012/05/22 16:44:34 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB14701$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Skeebz
2012-05-31, 09:41
OTL Extras logfile created on: 5/31/2012 12:47:13 AM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\richard\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 69.43% Memory free
7.22 Gb Paging File | 6.07 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): Reg Error: Value error.

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 149.30 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BILL | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{129047F0-65A3-4542-B3D1-D08358DABC46}" = rport=138 | protocol=17 | dir=out | app=system |
"{46325486-4C79-4B92-B5A3-9671E325CF0E}" = rport=139 | protocol=6 | dir=out | app=system |
"{51DA498E-F129-423F-AB86-87567ECDAF71}" = lport=139 | protocol=6 | dir=in | app=system |
"{6149145F-F3E5-4A73-9700-DF2CED6B44AC}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{6D62BDE0-015D-4565-8ACB-6ACF542692FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C8531AB-8274-4F26-80DE-0B7D222D8C9B}" = rport=137 | protocol=17 | dir=out | app=system |
"{8DC9C3AA-0F2A-4BF4-BB87-3FA44DDDB480}" = rport=445 | protocol=6 | dir=out | app=system |
"{98B9AF27-02A6-4EA7-A872-7BE85E265451}" = lport=137 | protocol=17 | dir=in | app=system |
"{9DC461B9-0EB3-4D4C-9A67-9303A004738A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A74A2B2A-6DBE-40AC-9522-865DEE24787A}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader: 6112 |
"{B7964D78-BCCC-4328-9936-30ED155A9F2E}" = lport=138 | protocol=17 | dir=in | app=system |
"{ED1B5868-03C4-4A46-8F1A-D8B25F9DB73E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A85AAC-0708-43B0-9D92-35F55B0FD7D9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{01FBCB8A-F4CF-4D38-BA81-62D577EFE127}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{03B793EE-64C1-4CAD-B290-05022AAA3319}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{04110C6F-DBF2-4F55-9869-D7A17097E867}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{048EE002-2ECD-4765-8D31-2E8D1AFA54F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{074FBA8C-0D47-4BF7-848D-BB96AD4E1A63}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{08E4DAC1-55CA-4CC5-9CC5-A82A1F086CC2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
"{0D15721C-0748-41C5-9DDE-3C3B3FB0DBED}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{102D3171-ED31-4210-98B9-58AC5AF188B3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{10AA92A2-84D4-4E6A-9F20-D1F93752219A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-enus-downloader.exe |
"{111587BA-F7BF-405A-9544-5822B625CC05}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{12CE5B83-C79D-4636-AA49-C89FFA577FC8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{130EDF7A-F98F-4922-A652-C0D9C706E0EF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{14444D68-70D4-4992-B419-3EF1E94DBE4E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{15ECFBFA-3521-4F7F-B36B-4BC05D130009}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe |
"{175C51DB-AD25-49D4-B1F5-EFDA900A12A3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-enus-downloader.exe |
"{18E3ECE8-89F1-4D38-89D7-57E452A47E93}" = protocol=6 | dir=in | app=c:\program files\dogpile toolbar\troubleshooter.exe |
"{1B0842D7-9E27-4958-9FC5-4D9333D0AA6C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{1BD78863-1FB0-4F8B-B518-2EE40E2C0013}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{1E67325F-045E-43E5-88AB-C7C94E1113E7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1EA3C00C-932A-4EA7-A4DE-C2DDC82CF998}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1F3C9FCC-A0FA-48DE-85EE-112DD31E4B0F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{21A6D3AE-0D6A-4620-A982-EDA3DDF53D62}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{255CA6C0-6AE0-4641-B771-128B33566D2A}" = protocol=17 | dir=in | app=c:\program files\dogpile toolbar\toolbarupdate.exe |
"{2652A87E-C143-44AB-8E13-5ED402440EAB}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{268A101D-B2F5-45E6-827A-3CA242EF4BF9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{270D21E6-92CE-4617-834B-3ABC20084451}" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.patch.exe |
"{289BB8E8-9DBA-4430-9FAD-8384CFC06B32}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
"{290F91DA-7389-405B-9E0E-F509239B0711}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
"{2B12159A-C15C-4D81-8442-158DEF899E45}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-enus-ptr-downloader.exe |
"{2B97A230-6242-4274-831F-8516A6795998}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{2BF1AC15-7B9A-465E-8462-CF08E2ECF562}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{2C7B69CB-844F-4887-904D-43821787CFBD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
"{309D2B98-7CC4-4953-B58A-4C1E3C40CF5C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{30BB10B0-64EE-4E1F-9059-C2305ACF291A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{3219AFB6-9CEF-4DCF-84B3-21415164E107}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{33A6614E-0A1F-4AFC-8F3D-7E85489F1859}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-enus-downloader.exe |
"{34CFB46B-BA9F-409D-B704-9B8C56907843}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3A9AC9C7-118C-401A-8511-C3BFB33117B7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{3B5DFD94-D5E9-49FC-B9FB-11935BC888D5}" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.patch.exe |
"{3B6CF03F-5929-439F-9A76-DB3FB820D7AE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10357-to-0.2.2.10371-enus-ptr-downloader.exe |
"{3D2EBF2E-340A-4664-85E1-77A2D0A5DC82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3DDA37E8-64D4-412B-A3DF-8348ACB95E79}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-enus-downloader.exe |
"{40809F92-E686-4B6F-B0A6-3740C7970CB1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4360EA86-C047-4A1F-AACE-0D10C9A78F96}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{45A1C234-F75F-4203-9FDF-897D45BABABA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{45D785BC-0AC4-4B69-8AF5-20CC6A2741C7}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{46AF020C-05E5-4A6C-BC32-3F1611C7BA3B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{4B0B91A2-DFCA-4A49-A2EC-1AB159099FA6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{4CF3A253-D1C6-44DB-9134-1569B2356944}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{4D34BE7D-61C6-4E14-8719-7E3C9DE1C555}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{4FA75AF9-DA6A-432E-B90E-DFB9748A072E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4FF400D8-198D-44D1-A2E3-BA70C4BF8BED}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{505F7841-B300-455A-80A9-32423751B4AB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{50E80CE7-B642-46C8-92FA-DA13D28A5635}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-enus-downloader.exe |
"{551A032E-3713-4F68-AC1C-E101CCED4679}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{551CD340-98AE-420E-B820-626FAF38703D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-enus-downloader.exe |
"{56FFF819-2D62-469F-96B2-683C0AE1C8BC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{591F4490-818A-4D0A-BC3E-55B7009AA25B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{5E58F6C4-5E9C-4484-B799-C1D82A23811F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{60ACE5FD-0671-44F3-A99A-5D07C1ABB070}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10433-to-0.2.2.10468-enus-ptr-downloader.exe |
"{6475AD64-C59C-408F-BA2F-C5644A9ECE54}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{66AB1082-DABA-4794-8CE2-ED93C486E705}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{6805A50B-E126-42D6-B1FF-6715D671E05E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{6AD2F3DB-B625-4202-B901-6C277EB2D4B3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{6AE99EF6-19B4-4075-AD7A-0CDDD08846F3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-enus-downloader.exe |
"{6C9D5E83-3F95-4C90-8C9D-0CEFF2252BF6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{6CE5AFD3-B1E1-4560-B11B-F1B05A680090}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{6DF6873B-5558-46B2-B6EA-66573F467C86}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{6E50C3E1-0B29-4C9F-9291-E2133A848E3D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{6E660239-7C88-4D90-A930-2057507D03EF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{6E973155-5410-4412-8F06-C62C3A439432}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
"{7825E7C6-9A5B-4E0E-862F-761B2332771C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
"{7BF99AD6-3AAC-4ABB-9EDE-259EC9600B1F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7C71D58C-01A1-40FE-B2D2-9FB14166FFAE}" = protocol=6 | dir=in | app=c:\program files\dogpile toolbar\toolbarupdate.exe |
"{7CDF3919-BD6E-4CCB-A21F-CA42695C6833}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-enus-downloader.exe |
"{868C724A-63E8-4BF6-AE52-C63CCBA35E69}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{88FEF702-2979-493C-A16B-76509CEC9A9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89E98773-CDB4-4CE7-B473-C249323E5105}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{8D6574AD-9266-477C-B9CF-F26FC5525AE9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{8D6793A4-C697-4954-A0F9-F76D1BFA7E8E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{8FB8A25C-B9A3-4C52-ABC4-1BD9824EC3CF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
"{90723E2F-56DD-4293-A06B-A511AC3D4CD7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe |
"{94C77DF5-BC73-422A-B06E-EE2B776D461D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-enus-downloader.exe |
"{965470C3-1646-4E9A-936E-8B21CD33741B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{9753DD48-C02D-48CA-9B90-20E5A39C1B09}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{97C2B38A-68B9-4D73-8121-9269564BAE2D}" = protocol=17 | dir=in | app=c:\program files\dogpile toolbar\troubleshooter.exe |
"{97EA33B9-F27B-41BB-80B6-70405604665A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{98A30F60-AFCD-477B-B769-79F69268AE4A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{9A22A4E7-3F06-46F3-BFE4-6EF650A32729}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{A1F13F54-1010-4797-B64E-593AC4845B34}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{A59E5848-16AE-4010-B119-27DADF2A002C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-enus-downloader.exe |
"{A5F80F71-0016-4BE3-9BE6-70ADAA19EBC8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-enus-downloader.exe |
"{A842B4C3-494D-4E9B-92FE-683E853D870C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-enus-downloader.exe |
"{A8AB56DD-77C5-4C35-88A6-520BFC14D6D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A9CEF112-EFC7-4B17-B137-739526A5FC95}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10392-to-0.2.2.10433-enus-ptr-downloader.exe |
"{AA6C8133-DB2C-408D-9BCC-5BB1721DF106}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
"{ABB0C38A-30C4-411F-83C8-26251520FF02}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{ADBEB06F-0279-42B6-8434-5EBB50836C16}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10371-to-0.2.2.10392-enus-ptr-downloader.exe |
"{AE31E958-08C8-40F1-A00B-CB29DED15DB3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10392-to-0.2.2.10433-enus-ptr-downloader.exe |
"{AF583A28-FD6A-4F65-9856-DB697142A8BF}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{B04BB4D6-A3A8-4911-A4D3-E6AB1180732D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10179-to-0.2.0.10192-enus-downloader.exe |
"{B1524640-A117-4108-A179-2EA1D566C836}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10433-to-0.2.2.10468-enus-ptr-downloader.exe |
"{B328BB98-412F-420F-B4B5-87E9FE553BFA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10357-to-0.2.2.10371-enus-ptr-downloader.exe |
"{B3B9321C-2BB6-4A65-9D8C-E864F09968DB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{B9FA3C2B-F66C-4295-BF26-D06C769DA289}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{BCA5506E-2645-4960-86E0-213AA3FCC11A}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{BED3CD03-223B-4B16-A3B1-861009AC20DD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{C551DA88-A3C7-4609-94D2-E556494B921E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CB86B4D0-6E87-45EA-AECB-D515DA8DB249}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-enus-downloader.exe |
"{CDAFED9D-5971-4D52-B185-BE58110A3901}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D197A340-D247-48C2-8DB7-36268345E113}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D3FE1508-60EC-4BCE-AA5B-D4DC3468D2C8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D746DBD6-723A-44E2-B4D2-6C0D1371A190}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{D75E6BBD-3EDB-4F0A-8602-DD0E5D7E7477}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{DB699EDA-1EFB-40F0-AE48-598B0930379A}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{DD855CAB-F25A-45A8-8B13-9D495FE3FFEB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{DEAD55E2-4865-4DD9-9A8E-984DEEFA43A8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{E557D94A-C342-4468-8D12-AA8C35EF511D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E7050F9C-2E18-4F70-8AB7-8D6E1DD2FBAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{E94CAA9E-03E1-4584-B561-C9BDE2D3FB56}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EFB29D85-B83B-450E-8636-A25B4BDF867B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F1C13C2A-382E-401E-B4E1-C17174364D53}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10179-to-0.2.0.10192-enus-downloader.exe |
"{F32ABA4D-974A-4D70-93E6-DBCCAEEDBF9E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{F4EAD67B-4D70-41BB-9E84-1B55C0383009}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-enus-ptr-downloader.exe |
"{FAE7AE62-1FA7-41A8-84F6-2DCD91A5E648}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10371-to-0.2.2.10392-enus-ptr-downloader.exe |
"{FD1C6C9D-FE5C-47C8-B579-2DE9BDC82DDB}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{FDC89089-DF59-48D7-8196-7D9081F24367}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-enus-downloader.exe |
"TCP Query User{009BBC87-7522-4F8E-88C5-4340484DD343}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{02B6D46F-EAE8-409E-9D63-B705C7A20B2D}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"TCP Query User{035DCA46-1906-432E-A11E-73905FA28BFF}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"TCP Query User{03E3DE6D-3D0D-4088-91E6-C8D527BCD187}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{048D29D7-7D99-47B1-8FC9-726A0844B689}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"TCP Query User{0870B23B-ACDB-4DE0-8969-50DEA4D162F1}C:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe |
"TCP Query User{09169BD3-3B9C-42FE-83C4-2F61ABA75ED1}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"TCP Query User{0E6C0BB4-B2D4-4DC7-BEA9-C49209B02B16}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{0F7E8198-F86E-442D-A42B-4C839D27DBB5}C:\users\richard\desktop\world of warcraft public test\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\launcher.patch.exe |
"TCP Query User{1362C5A7-24D8-4488-BC75-C64AA03B1CCA}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{1514D36D-EA88-41DA-8A32-AC06C8D8A272}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{18B42327-9FA6-410F-8BD7-763A8E40F340}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe |
"TCP Query User{1932AE47-140D-43EB-8F0C-7C7CAA1141B4}C:\world of warcraft public test\temp\wow-4.0.1.2131-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\temp\wow-4.0.1.2131-enus-ptr-tools-downloader.exe |
"TCP Query User{1963B85A-5E93-4960-91E2-B3E76345749B}C:\users\richard\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{26167E64-E2E6-44A0-9346-33D3697EF557}C:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"TCP Query User{2CDA4E80-B16F-4A36-BC04-295BBD89AE6F}C:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"TCP Query User{2D4DFBA1-66C0-435B-ADDC-9F7531CCA697}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{310CC811-9E87-43C1-B9E0-5BEF03C93C2D}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{33D5494E-DEFE-4A5F-B0DF-F3E5FC33F715}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"TCP Query User{36634C55-E2A5-4E19-89BE-3309F6243769}C:\program files\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe |
"TCP Query User{3A294DAB-B553-4B1D-93AC-C25D509DAE7D}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"TCP Query User{3F8E4723-6552-4A68-B15C-DAA88E8DC13A}C:\users\richard\downloads\curseclient.exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\curseclient.exe |
"TCP Query User{47A5D64C-635A-4774-891B-B77297CA1E1E}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{4B15D65B-441E-492F-995D-8696DADDFD42}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe |
"TCP Query User{4CF9ADF9-E346-45AF-AF0D-4AABEB06C935}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"TCP Query User{514E0C9C-6031-4AC0-8044-B3C656A41C22}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"TCP Query User{51E7E566-3C4C-4184-885C-4DF30ACE2FE0}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{5525AF59-2BCA-4AAB-906E-E72E92D891B4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{60EAF469-A392-44B7-A3CD-FCCD1FEED6E8}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{64D536FF-E4B3-455E-B947-E5D2952605AA}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"TCP Query User{68EA163B-9825-4A8E-B082-AED0FFBA4EAB}C:\users\richard\desktop\world of warcraft public test\temp\wow-4.0.1.2121-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\temp\wow-4.0.1.2121-enus-ptr-tools-downloader.exe |
"TCP Query User{694A24B0-6DD1-4341-9B8E-200BA2457CB5}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{723DA0D0-DA31-4D42-8B5B-572F9B064BB8}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{753EB020-C38F-4AC0-AEC3-878704E066F1}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe |
"TCP Query User{7573DB07-800C-47B4-8D32-11BB50F50947}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"TCP Query User{7D2EC220-893B-4940-9D58-6A30E6B2935A}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"TCP Query User{7EFE3986-52F2-499D-AFE4-6A611625897B}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{83D87E87-DE45-4FEC-927F-6C46722BD8E0}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"TCP Query User{8845BCDB-392C-494B-9636-5D63C3434990}C:\users\richard\appdata\local\temp\blizzard launcher temporary - 52a827c0\launcher.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\local\temp\blizzard launcher temporary - 52a827c0\launcher.exe |
"TCP Query User{8C54264C-4440-4389-8917-7282388B31AE}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{978FE80C-156C-4F57-9A24-E7A8ED659346}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{9C365E8E-65DD-4B35-8951-36E3F12E56E1}C:\users\richard\downloads\ptr-installer-en_us(2).exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\ptr-installer-en_us(2).exe |
"TCP Query User{9CFBF0EC-4254-4BE4-B75A-161712CE2B4F}C:\users\richard\downloads\wotlk-intro_en_us-downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wotlk-intro_en_us-downloader.exe |
"TCP Query User{9DAC9088-808B-4542-8A33-2AB2BC0BA248}C:\program files\world of warcraft public test\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"TCP Query User{A7A958CC-586C-4464-8A50-EF44269A10AB}E:\world of warcraft public test\blizzard downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft public test\blizzard downloader.exe |
"TCP Query User{AB11D7FA-461B-40E0-AB86-DE72A83FED91}E:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=e:\world of warcraft public test\launcher.exe |
"TCP Query User{B4130A4E-3B22-4E91-B4AB-418AD51C57FD}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"TCP Query User{B4A7D8A2-D9E6-4B1D-92D1-B7D515AD4E1A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{B8307208-EE71-4DD5-82B9-116355413BE1}C:\users\richard\downloads\wotlk-intro_en_us-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\richard\downloads\wotlk-intro_en_us-downloader(2).exe |
"TCP Query User{BD3DFB7F-BFE0-489F-A1E7-0E492E53F5CA}C:\users\richard\desktop\keyclone.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\keyclone.exe |
"TCP Query User{C5975A98-72D6-4628-9CBD-B966BCE02A48}C:\users\richard\desktop\world of warcraft public test\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\blizzard downloader.exe |
"TCP Query User{CD683B05-FBF5-49F2-BF59-826C8F4AD6B5}C:\users\richard\desktop\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\launcher.exe |
"TCP Query User{CF8A917C-F087-4266-BFEA-6045FDB2E0DE}C:\program files\steam\steamapps\smg24\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\smg24\team fortress 2\hl2.exe |
"TCP Query User{DB1BF7DB-433B-4475-9BE9-F08F3D6A7E0E}C:\users\richard\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{DE8A5FFA-2C05-4483-98C4-A29FD9782A87}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{DF99459C-EF4A-4D0B-990B-5D694116CC01}C:\program files\steam\steamapps\smg24\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\smg24\day of defeat source\hl2.exe |
"TCP Query User{E02EE622-0975-4F61-A4EC-B6EC0CEAAF57}C:\program files\gigabyte\gest\run.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\gest\run.exe |
"TCP Query User{EF3EB359-54EB-4117-8DAF-CD106B9EC908}C:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe |
"TCP Query User{EFC8BDA3-D6F1-4C5C-8F85-3C7653CCD09D}C:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.exe |
"TCP Query User{F42087AD-7335-4068-B17E-86DECA04E92B}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"TCP Query User{F44E9546-F7F8-46C2-8F2A-52C8774D668B}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"TCP Query User{F62FF5FA-7316-4E85-980B-73E6F811AE1C}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"TCP Query User{F89884D0-2D23-4CCB-8FD0-E88CE4C91376}C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe |
"TCP Query User{FB4E9E29-8885-4E0E-B340-75B2058E1418}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"TCP Query User{FCE57FC2-4462-4399-AEE9-0324EE13D94D}C:\program files\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"TCP Query User{FD444346-408F-47FF-931C-DD4D6A496448}C:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.exe |
"UDP Query User{03273838-4B1D-4DE2-8C94-6B7C89ED05DD}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"UDP Query User{06569B77-ACE1-4C2C-88B9-F3D5E41A3E00}C:\program files\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"UDP Query User{0D61F23C-0CF6-4F8F-8524-6E51F0A7DBA3}C:\program files\gigabyte\gest\run.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\gest\run.exe |
"UDP Query User{0D841E03-D362-4D34-8DAC-9C9DFE2181DA}C:\users\richard\downloads\wotlk-intro_en_us-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wotlk-intro_en_us-downloader(2).exe |
"UDP Query User{167FC9F7-93B7-496C-8337-D42E694A325E}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"UDP Query User{17E9BA15-EDD3-48E6-BA91-FC92BCE3CFA5}C:\users\richard\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{224E28E4-B34B-46F3-A67B-800F0454DB80}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"UDP Query User{246EBF2B-2F65-4CCE-9A3B-626566E6A1FF}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe |
"UDP Query User{2E6CFF86-5782-402A-8FA4-4CDAF1D0F58C}C:\users\richard\downloads\wotlk-intro_en_us-downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wotlk-intro_en_us-downloader.exe |
"UDP Query User{31549126-DE8B-4968-A435-CC1F3533F4DF}C:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\smg24\counter-strike source\hl2.exe |
"UDP Query User{315E72EB-F52A-4D1A-BCF1-5AB5C1B3DC9D}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"UDP Query User{322B093C-9C0B-402B-B139-54D315EBCD06}C:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.exe |
"UDP Query User{38FE104C-1C40-4E44-B054-7AC2452E831D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{3B6A912A-6177-4F11-B4FB-F3D032C5D5F4}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe |
"UDP Query User{3D05E7CA-2FD7-4C06-A9B4-20214303E2D1}C:\users\richard\desktop\keyclone.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\keyclone.exe |
"UDP Query User{3D932B79-C991-43D3-A1E1-E67FDBB51378}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{49AF349D-B17E-41F1-B8BB-BE5FCA52B8A4}C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe |
"UDP Query User{4C7C1C5A-BF5D-411F-8789-C03E80207763}C:\users\richard\appdata\local\temp\blizzard launcher temporary - 52a827c0\launcher.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\temp\blizzard launcher temporary - 52a827c0\launcher.exe |
"UDP Query User{4DDB0ECE-7508-4F42-A2E0-D65DA4C326B8}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{4FC3947E-3ABB-43EE-B8BE-F0921B39852B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{6493B7FC-AF5F-44D3-B468-C06260420CF5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"UDP Query User{6651CFFC-ECD3-4DCE-9FCC-864D111754F0}C:\program files\steam\steamapps\smg24\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\smg24\team fortress 2\hl2.exe |
"UDP Query User{68DBA035-EE16-4909-AEA4-C082AEAD0FF2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{69A6CA33-F3AF-4FE3-BB0A-1D4074F26C4A}C:\users\richard\desktop\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\launcher.exe |
"UDP Query User{6B035017-88AC-46A7-9B82-A51214E8DE46}C:\users\richard\desktop\world of warcraft public test\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\launcher.patch.exe |
"UDP Query User{6B237776-B215-47BC-8A5B-C31AF9F92E0D}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{6DFDBB76-3F00-4DFC-8D22-FAD543116521}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"UDP Query User{719504E3-6AA8-4972-B61B-A5710BBBD92E}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{763795CD-DC22-45A5-AAAB-31129A40EB28}C:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-enus-tools-downloader.exe |
"UDP Query User{7864FF63-B1A2-423C-A7D4-C7B3C6D25264}C:\program files\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe |
"UDP Query User{7B7EA8AB-5B5C-4186-82EA-A3A019F1C442}C:\users\richard\desktop\world of warcraft public test\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\blizzard downloader.exe |
"UDP Query User{7EF0DD44-9BA9-4B63-8293-AB4FF212CB3E}C:\world of warcraft public test\temp\wow-4.0.1.2131-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\temp\wow-4.0.1.2131-enus-ptr-tools-downloader.exe |
"UDP Query User{80EF87A7-BA60-4A7B-A403-DCED8DEDCE1B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{84C746B8-90CF-4845-B824-9CCD113A62E6}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"UDP Query User{8C4974CA-2771-4598-991E-52DE8E0836E0}C:\users\richard\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{8D121294-FA52-4212-8C35-9D4B0FB25DAD}C:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.exe |
"UDP Query User{8EF39EC6-F49B-4EE7-AF86-3137CAB931D5}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{930D44FD-932E-4BFB-BBDC-821227893BF9}C:\users\richard\desktop\world of warcraft public test\temp\wow-4.0.1.2121-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\world of warcraft public test\temp\wow-4.0.1.2121-enus-ptr-tools-downloader.exe |
"UDP Query User{9313FE1C-B275-49E7-BF3A-14725694D29F}C:\program files\steam\steamapps\smg24\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\smg24\day of defeat source\hl2.exe |
"UDP Query User{95CFE0D4-C4BD-4459-8798-ABBAFD52FEDB}C:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe |
"UDP Query User{9C3D4250-0031-4A83-A6A1-266F08DAF004}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"UDP Query User{A01786EF-3E05-486D-8A9D-9A4EE6DDFAD9}C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"UDP Query User{A3953C60-6D16-4EFD-954D-CA7687D91E7E}E:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=e:\world of warcraft public test\launcher.exe |
"UDP Query User{A48449DC-BDC3-4E09-971A-00D4FA9C7D40}C:\users\richard\downloads\curseclient.exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\curseclient.exe |
"UDP Query User{A7A71E76-34F6-4DC1-AFD2-15542FF72DC0}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{AAF31584-12C6-470C-B57F-D9F025429D38}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{AC5B1C19-6B0F-4074-A33A-DAE0BC752E85}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"UDP Query User{ACD9B877-FC2D-4138-BD5A-73DAB90814DF}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"UDP Query User{B6845C59-1789-410D-8B5A-CF5B514FCDF9}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{BA001718-1C4D-465F-A316-A83435A622A9}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{BE94AF44-B93C-4ECA-B7E5-8D7E6DD306BA}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{BECF81BA-4DF8-4C2E-818D-8CCCAB29D5FD}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{BF66F723-2D0A-476D-9BCC-715162659AC3}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"UDP Query User{C2648667-9171-407A-9912-100B2689D4CB}C:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"UDP Query User{C3B00B90-BC34-4DF4-B00B-F27A8E1A3CB0}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{C90F70A3-75FE-4D49-9561-74AE45AF39B4}C:\users\richard\downloads\ptr-installer-en_us(2).exe" = protocol=17 | dir=in | app=c:\users\richard\downloads\ptr-installer-en_us(2).exe |
"UDP Query User{D17AEC0C-1D73-4FD8-B168-CE6978A5737F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{D2DE9292-5AB9-48B4-A2B8-8EF06CD2C908}C:\program files\world of warcraft public test\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"UDP Query User{D603F158-E10F-4242-A53F-2C12D41EF785}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"UDP Query User{E0A7665C-0B00-4101-B2E3-9034C7A5EF72}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"UDP Query User{E51376B1-840B-4DB1-A983-5A9C5CC31AD1}C:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\temp\blizzard launcher temporary - 4f92a2d0\launcher.exe |
"UDP Query User{EBCF5AC8-3D6B-4328-BF24-4E3AC6988CEC}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{EBE0E2D5-8DC0-4745-8635-76EF487BB8A8}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"UDP Query User{F19654AD-DDBF-4AAC-8964-7B4A7A65A2DF}E:\world of warcraft public test\blizzard downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft public test\blizzard downloader.exe |
"UDP Query User{F5ED05E3-4088-4286-A837-222D6568A982}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{F936FB9D-662C-418F-B87F-4C2886B5207E}C:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"BitZipper_is1" = BitZipper 2010
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"ERUNT_is1" = ERUNT 1.1j
"File Cleaner Pro_is1" = File Cleaner Pro v.4.0.3
"Google Chrome" = Google Chrome
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Katawa Shoujo" = Katawa Shoujo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Moonshine" = Moonshine 1.0E
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"RegServe" = RegServe
"Steam App 10680" = Aliens vs Predator
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Unzip Wizard" = The Unzip Wizard
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Live Toolbar" = Windows Live Toolbar
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xippit" = Xippit 7.1

Skeebz
2012-05-31, 09:42
========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2011 12:49:31 AM | Computer Name = Bill | Source = Windows Search Service | ID = 3028
Description =

Error - 5/4/2011 12:49:33 AM | Computer Name = Bill | Source = Windows Search Service | ID = 3058
Description =

Error - 5/4/2011 12:49:56 AM | Computer Name = Bill | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =

Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1010
Description =

Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =

Error - 5/4/2011 12:51:54 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =

Error - 5/4/2011 12:51:55 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =

Error - 5/4/2011 12:51:56 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =

Error - 5/4/2011 12:51:58 AM | Computer Name = Bill | Source = Perflib | ID = 1008
Description =

[ System Events ]
Error - 5/22/2012 6:47:59 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
Description =

Error - 5/22/2012 6:47:59 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
Description =

Error - 5/22/2012 6:47:59 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
Description =

Error - 5/22/2012 6:48:00 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7001
Description =

Error - 5/22/2012 7:18:34 PM | Computer Name = Bill | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 5/22/2012 7:19:58 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7023
Description =

Error - 5/22/2012 7:19:58 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7003
Description =

Error - 5/22/2012 7:19:58 PM | Computer Name = Bill | Source = Service Control Manager | ID = 7003
Description =

Error - 5/29/2012 3:39:26 AM | Computer Name = Bill | Source = Service Control Manager | ID = 7009
Description =

Error - 5/29/2012 3:39:26 AM | Computer Name = Bill | Source = Service Control Manager | ID = 7000
Description =


< End of report >

ken545
2012-05-31, 10:51
Hi,

Let's do this and then I will give you a link to the AVG removal tool. There are a lot of leftover entries for it, along with Dogpile and a few others that are trackware and not recommended.


AVG Remover
http://www.avg.com/us-en/download-tools
http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe


Also, you need to install antivirus software. This is a free one from Microsoft; download and install it unless you have plans on purchasing one on your own.

http://windows.microsoft.com/en-GB/windows/products/security-essentials



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses


:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4e96e99a&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.dogpile.com/
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={489EA029-A600-4B1B-8194-1C4F0609F588}&mid=13496ef7b34347d1b142d15b5169efac-595041a2fc7a28adbb1649a0d937d056c8ab4d7e&lang=us&ds=AVG&pr=fr&d=2011-12-12 03:26:57&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm002YYus&ptb=CF5D092C-BC69-465F-AD4C-3AE7B4321CF4&ind=2011080121&ptnrS=Y9xdm002YYus&si=radiopi&n=77dea5b9&psa=&st=sb&searchfor={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
[2011/12/12 04:27:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O2 - BHO: (no name) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {C53FE659-316A-4F56-A194-A5BE491BE866} - No CLSID value found.
O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

Skeebz
2012-05-31, 22:02
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Internet Explorer\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031949b3-28b6-43a4-90e2-dde1cfe21390}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4 not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files\Search Toolbar\SearchToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C53FE659-316A-4F56-A194-A5BE491BE866} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53FE659-316A-4F56-A194-A5BE491BE866}\ not found.
Registry value HKEY_USERS\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\richard\Desktop\cmd.bat deleted successfully.
C:\Users\richard\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: richard
->Temp folder emptied: 311632 bytes
->Temporary Internet Files folder emptied: 2584980 bytes
->Java cache emptied: 61185 bytes
->Google Chrome cache emptied: 441542096 bytes
->Flash cache emptied: 343 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1143319164 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,514.00 mb


OTL by OldTimer - Version 3.2.44.0 log created on 05312012_134429

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

--------------------------------------------------------------------------


OTL logfile created on: 5/31/2012 1:51:53 PM - Run 3
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\richard\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 66.47% Memory free
7.18 Gb Paging File | 5.98 Gb Available in Paging File | 83.38% Paging File free
Paging file location(s): Reg Error: Value error.

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 102.66 Gb Free Space | 22.04% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BILL | User Name: richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\richard\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\RegServe\RSListener.exe ()
PRC - C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()
MOD - C:\Program Files\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Program Files\RegServe\RSListener.exe ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (DAUpdaterSvc) -- c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (GEST Service) -- C:\Program Files\GIGABYTE\GEST\GSvr.exe ()


========== Driver Services (SafeList) ==========

DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (DBKDRVR54) -- C:\Program Files\Cheat Engine\dbk32.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
DRV - (ET5Drv) -- C:\Windows\System32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (UsbFltr) -- C:\Windows\System32\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys (Microsoft Corporation)
DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys (Microsoft Corporation)
DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
DRV - (Compbatt) -- C:\Windows\System32\drivers\compbatt.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
DRV - (intelide) -- C:\Windows\System32\drivers\intelide.sys (Microsoft Corporation)
DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys (Microsoft Corporation)
DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
DRV - (ohci1394) -- C:\Windows\System32\drivers\ohci1394.sys (Microsoft Corporation)
DRV - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys (Microsoft Corporation)
DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys (Microsoft Corporation)
DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation)
DRV - (IPMIDRV) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
DRV - (AmdK8) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation)
DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll (RadioPI)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

[2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions
[2009/06/13 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richard\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/04/01 22:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/23 17:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RadioPI Installer Plugin Stub (Enabled) = C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISB.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/31 13:44:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RSListener] C:\Program Files\RegServe\RSListener.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3916996827-18406454-3383277520-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=3&t=nEjB59C7U File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE248EC-1200-4260-8370-2CDBD9A93DA7}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6ECEB31-BFA1-4A56-9BC3-565EBBE2677A}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell - "" = AutoRun
O33 - MountPoints2\{d9f383bf-f0a3-11dd-9a03-0012178d065f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/31 13:44:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/31 06:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/05/31 06:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/31 06:36:45 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\richard\Desktop\avg_remover_stf_x86_2011_1322 (1).exe
[2012/05/31 06:33:07 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\AVG
[2012/05/31 06:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/05/31 06:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/31 06:10:17 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/05/31 00:29:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe
[2012/05/28 13:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/28 13:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/23 04:27:52 | 000,000,000 | ---D | C] -- C:\Users\richard\AppData\Roaming\LolClient2
[2012/05/22 21:26:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/22 21:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/14 15:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III
[2012/05/14 02:18:43 | 000,000,000 | ---D | C] -- C:\Users\richard\Diablo-III-8370-enUS-Installer
[2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ONScripter-En
[2012/05/11 03:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Moonshine
[2012/05/11 02:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moonshine
[2012/05/11 02:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Moonshine
[2012/05/04 03:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload

========== Files - Modified Within 30 Days ==========

[2012/05/31 13:53:21 | 000,642,004 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/31 13:53:21 | 000,119,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/31 13:46:47 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/31 13:46:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 13:46:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 13:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/31 13:46:30 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/31 13:44:31 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/05/31 13:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/31 12:55:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/31 06:56:13 | 000,000,959 | ---- | M] () -- C:\Users\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/31 06:36:38 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\richard\Desktop\avg_remover_stf_x86_2011_1322 (1).exe
[2012/05/31 06:01:39 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/05/31 00:28:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\richard\Desktop\OTL (1).exe
[2012/05/29 19:28:15 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/05/28 13:57:17 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/22 21:56:02 | 000,003,563 | ---- | M] () -- C:\Users\richard\Desktop\Attach.zip
[2012/05/22 21:24:31 | 000,000,714 | ---- | M] () -- C:\Users\richard\Desktop\ERUNT.lnk
[2012/05/22 16:59:45 | 000,001,356 | ---- | M] () -- C:\Users\richard\AppData\Local\d3d9caps.dat
[2012/05/14 16:12:47 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/05 03:36:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/05 03:36:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/05/31 06:56:13 | 000,000,959 | ---- | C] () -- C:\Users\richard\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/31 06:11:59 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/28 13:57:17 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/22 21:56:02 | 000,003,563 | ---- | C] () -- C:\Users\richard\Desktop\Attach.zip
[2012/05/22 21:24:31 | 000,000,714 | ---- | C] () -- C:\Users\richard\Desktop\ERUNT.lnk
[2012/05/22 17:18:19 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/14 15:51:59 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/04/18 10:54:30 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/01/01 02:49:02 | 000,002,309 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/21 12:12:58 | 000,005,632 | ---- | C] () -- C:\Users\richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/27 01:55:45 | 000,100,320 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/17 00:22:06 | 000,011,776 | ---- | C] () -- C:\Windows\System32\RSDefrag.exe
[2011/01/10 21:08:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB14701$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

ken545
2012-05-31, 22:11
I still see a couple of entries for AVG. Did you run the removal tool?


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Skeebz
2012-05-31, 23:18
Yes, I ran the removal tool, but I took these two links provided in the opposite order, so maybe it was just the PC tune up stuff that was left? I ran it again to be sure.

AVG Remover
http://www.avg.com/us-en/download-tools
http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe

-----------------------------------------------------------------------------
:laugh: I'm not entirely sure how to disable security essentials. My first guess was security center but "the security center service cannot be started".

SecEss detected a few Java exploits after I downloaded it. I updated Java but haven't done anything to the detections.

Skeebz
2012-05-31, 23:30
Nevermind, ^_^ found a checkbox for "real time protection"

Skeebz
2012-06-01, 02:47
C:\Program Files\RadioPI_4eEI\Installr\2.bin\4eEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISb.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\RegServe\SilentRemover.exe a variant of Win32/Adware.RegDefense application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Users\richard\Desktop\uhhh\softonic-us-silent-2.exe Win32/Toolbar.Zugo application
C:\Users\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
C:\Users\richard\Downloads\Saya_no_Uta___English.exe Win32/Adware.1ClickDownload application
C:\Users\richard\Downloads\SoftonicDownloader_for_skype.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\richard\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Windows.old.000\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Windows.old.000\Documents and Settings\richard\Desktop\uhhh\softonic-us-silent-2.exe Win32/Toolbar.Zugo application
C:\Windows.old.000\Documents and Settings\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
C:\Windows.old.000\Documents and Settings\richard\Downloads\Saya_no_Uta___English.exe Win32/Adware.1ClickDownload application
C:\Windows.old.000\Documents and Settings\richard\Downloads\SoftonicDownloader_for_skype.exe a variant of Win32/SoftonicDownloader.A application
C:\Windows.old.000\Documents and Settings\richard\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Windows.old.000\ProgramData\Application Data\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Windows.old.000\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application

Skeebz
2012-06-01, 02:50
"Windows Defender" was still registered as active before the scan...hopefully that didn't affect anything.

ken545
2012-06-01, 14:44
Good Morning,
I would uninstall both of these programs


C:\Program Files\RadioPI_4eEI
C:\Program Files\RegServe




Then go into Spybot's Recovery folder and remove it all

C:\ProgramData\Spybot - Search & Destroy\Recovery



Delete this from your desktop

C:\Users\richard\Desktop\uhhh\softonic-us-silent-2.exe



Go into the downloads folder and delete it all but not the download folder itself

C:\Users\richard\Downloads


Did you create this
C:\Windows.old <---




What I would do is rerun ESET, this time let it remove what it finds

Skeebz
2012-06-02, 00:46
I personally didn't intentionally create windows.old...it's possible someone else did but I have no idea.

There are two of them with the same date of creation from 2008...windows.old and windows.old.000

ESET ran and cleaned one issue after all preliminary actions were taken =).

ken545
2012-06-02, 02:19
Did it clean everything in the old folder?


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:dir
C:\Windows.old


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Skeebz
2012-06-02, 05:48
After the ESET fix scan I couldn't find a log, maybe because I didn't delete the first log beforehand, but I'm almost positive the entry that was "fixed" was C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application. There was definitely only a single entry fixed.

You probably have already seen this but all the .old.000 entries from the first scan seem to be doubles of all the regular entries...maybe some mirror thing going on. Weird :euro:

Here's system look =D

--------------------------------------------------------------------------

SystemLook 30.07.11 by jpshortstuff
Log created at 21:26 on 01/06/2012 by richard
Administrator - Elevation successful

========== dir ==========

C:\Windows.old - Parameters: "(none)"

---Files---
autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]

---Folders---
$Recycle.Bin d--hs-- [11:17 02/11/2006]
Documents and Settings d--hs-- [12:59 02/11/2006]
Program Files dr----- [11:18 02/11/2006]
ProgramData d--h--- [11:18 02/11/2006]
Users dr----- [11:18 02/11/2006]
Windows d------ [11:18 02/11/2006]

-= EOF =-

ken545
2012-06-02, 11:56
Let's go here and do the same thing and delete those files

C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
C:\Windows.old.000\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
C:\Windows.old.000\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
C:\Windows.old.000\Documents and Settings\richard\Desktop\uhhh\softonic-us-silent-2.exe
C:\Windows.old.000\Documents and Settings\richard\Downloads\regserve-setup.exe
C:\Windows.old.000\Documents and Settings\richard\Downloads\Saya_no_Uta___English.exe
C:\Windows.old.000\Documents and Settings\richard\Downloads\SoftonicDownloader_for_skype.exe
C:\Windows.old.000\Documents and Settings\richard\Downloads\vlcmediaplayer-setup.exe
C:\Windows.old.000\ProgramData\Application Data\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar

Let me know how it went.


Then run a new scan with ESET and post the log please

Skeebz
2012-06-02, 19:54
C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar was the only file I could find and ESET turned up clean.

Things to note...C:\users\richard and C:\windows.old.000\documents and setting\richard are 100% identical...I couldn't get into C:\windows.old.000\documents and settings\richard without using start search...the folder didn't exist going through computer-->local disk.

The exact same thing applied to C:\Windows.old.000\Users\All Users and C:\ProgramData...all files contained are identical and I couldn't find C:\Windows.old.000\Users\All Users without using start search.

Inside this C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery...WinAgentws1.zip was no longer there, but I did find a bunch of .zip files with names I recognized as malicious? There's about five in there but two examples are GameVancePlaySushi5.zip and WiIQfraud2.zip (there's multiple copies of all of them)...The GUI for Spybot shows the recovery section as empty.


Here's ESET :D: I went to sleep when I started the scan so I wasn't able to get the regular looking log (as far as I know); hopefully this is the same thing.

--------------------------------------------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=edf20e162e4fdb4992401ab3118fe57f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-02 01:34:27
# local_time=2012-06-02 07:34:27 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 66 100 32636270 175245329 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=269839
# found=0
# cleaned=0
# scan_time=6310

ken545
2012-06-02, 22:49
It looks like those folders may have been from a previous installation of Windows. Did you buy this computer used?

http://windows.microsoft.com/en-us/windows7/How-do-I-remove-the-Windows-old-folder?SignedIn=1


Let's go a bit further, plug these into System Look



:dir
C:\Windows.old
C:\Windows.old.000

Skeebz
2012-06-03, 01:01
This system was put together brand new by myself and a couple other high school kids at the time :eek: so it's very possible we did something weird.




SystemLook 30.07.11 by jpshortstuff
Log created at 16:36 on 02/06/2012 by richard
Administrator - Elevation successful

========== dir ==========

C:\Windows.old - Parameters: "(none)"

---Files---
autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]

---Folders---
$Recycle.Bin d--hs-- [11:17 02/11/2006]
Documents and Settings d--hs-- [12:59 02/11/2006]
Program Files dr----- [11:18 02/11/2006]
ProgramData d--h--- [11:18 02/11/2006]
Users dr----- [11:18 02/11/2006]
Windows d------ [11:18 02/11/2006]

C:\Windows.old.000 - Parameters: "(none)"

---Files---
autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]

---Folders---
$Recycle.Bin d--hs-- [11:17 02/11/2006]
Documents and Settings d--hs-- [12:59 02/11/2006]
Program Files dr----- [11:18 02/11/2006]
ProgramData d--h--- [11:18 02/11/2006]
Users dr----- [11:18 02/11/2006]
Windows d------ [11:18 02/11/2006]

-= EOF =-

ken545
2012-06-03, 01:25
I think that to be safe you can copy these to a folder you can create on your desktop and then delete them, then in a few days when things are running OK you can delete the new folder as well. If you don't feel comfortable doing it, it's fine; there is nothing malicious in there anymore.

C:\Windows.old
C:\Windows.old.000

Skeebz
2012-06-03, 01:48
I'll just leave it alone for now :D:...but to clarify...I would need to copy C:\Windows.old (and the other one) into a desktop folder...and then I would delete the folders inside C:\? If you don't mind me asking :red:, what does putting them on the desktop do?...is it just like a backup?

ken545
2012-06-03, 02:30
Yes, if there was a problem you could always copy and paste them from the desktop folder back to your C:/ drive where they were, but I'm betting they're not needed.

Everything running OK?

Skeebz
2012-06-03, 03:01
Windows.old.000 was deleted without any issues.

When I try to delete windows.old I get a "you need to confirm this operation"...so I click the "continue" button that has the administrator picture next to it. Then I get a second prompt that darkens the screen and says "windows needs your permission to continue"...so I hit continue...but then I get a message that says destination folder access denied "you need permission to perform this action" and the file stays.

Skeebz
2012-06-03, 03:02
but yes, everything seems to be running fine =)

Skeebz
2012-06-03, 03:07
windows.old also took a long time to copy and prompted me with a few "detected duplicate files what would you like to do" screens.

ken545
2012-06-03, 12:19
Good Morning,

Why don't you just hang on for a bit and let me inquire about these. There's no malware inside any longer and they may just be clutter, but let me double check. I will be back as soon as I can.

Skeebz
2012-06-03, 15:54
sounds good ^_^

ken545
2012-06-04, 01:39
Hey,

I have been part of this wonderful tech community for about 12 years. The cooperation between forums, helping one another with issues or passing along information about the latest threats, is unbelievable. Whenever I have anyone who posts in the Malware forum for a problem and then we find no malware and decide it's a Windows or hardware problem, I always send them to http://www.whatthetech.com/ for help; the people manning the Windows forums are the best.

Had a Windows guy (one of the best on the internet) look over our posts and this is what he came up with. Basically he is saying that windows.old is not taking up much space and it could be beneficial in the future, so he recommends just keeping it.



Most people who have upgraded their OS don't realize that windows.old even exists on their machine.
In a manner of thinking, windows.old is similar to a "parallel installation of Windows" and includes not just the prior Windows OS, but all the applications previously installed, all the Users, and all the data belonging to those users.

They never notice it, and probably wouldn't know what to do with it if they ever did need it.
Just as a FYI...Here's the MS instructions for restoring from windows.old (again, this is just FYI and I am not suggesting that you use it at this time, and probably never)
http://support.microsoft.com/kb/933168
Yes, windows.old is "clutter", and can be removed...... ****BUT
If ever this OP needed to restore the machine to the prior OS, at that time windows.old would be "essential".

Whether or not it becomes an important issue to this OP depends upon any future occurrence of catastrophic failure and more importantly depends upon what other backup/restore options they have available.

e.g. Does OP have available in their possession:
OEM factory restore CD (related to the prior Windows installation)
Installation media for this current Vista Basic
.iso full drive and partitions backup (i.e. Acronis or Macrium, or similar)
*This machine probably does not have a system recovery partition, the likes of which come standard on OEM computers with pre-installed Windows where there is no accompanying CD/DVD installation media.
**I say this because OP describes throwing this machine together in collaboration with other high school buddies, therefore they would probably not have been Microsoft Partners, and would not have used Microsoft OPK (OEM Preinstallation Kit) through which they might have included the creation of a recovery partition on the machine Hard Drive.

Argument against "using" windows.old:
Using windows.old would result in the machine reverting to XP or whatever prior OS had been installed.

Note: There is a different situation in which windows.old "might" be essential...
That is, (If the installation of Vista Basic was an "upgrade")
In that case, if ever the OP needs to reinstall Vista Basic as an Upgrade, they will also be required to provide "proof of prior qualifying OS" to support the upgrade.
Reinstalling Vista Basic (as an upgrade procedure) would benefit from the existence of Windows.old as the qualifying reference.

Therefore, my recommendation:

>> Keep Windows.old. <<
___________________________

Other considerations:

OP has 102.66 Gb Free Space on C:\ which is about 22% of their 500GB HD.
That should be sufficient (at least for now)
And any gain from deleting windows.old would be trivial.

Other observations:
We don't know if windows.old is "competent".
IF it is not, then it is wasted space.
IF it is, then it "might" be needed and useful in the future.
and I don't know any method for verifying windows.old, except to actually use it to try to restore to prior Windows OS and configuration.
(** I am "not" suggesting to do that, since OP apparently wants to continue with the current Vista Basic and you don't want to throw OP back to whatever they had before Vista Basic)
________________________

Unrelated Observation:

OP initially had 149GB Free Space on C:\
--- then you instructed some procedures
After which OP had 102GB Free Space on C:\

What's up with that?
Do you anticipate that when you do your final cleanup and uninstall the various specialized tools, that the Free Space will then be recovered?

Further Unrelated Observation:

This machine has several Game installations plus Steam installation to make the games run(better).
There are also game related utilities such as Ventrilo and download assists and bearshare

There seem to be a bunch of broken Registry Items.

Even the Registry Reference to Paging File seems to be missing or broken.

You have rightly cautioned OP to avoid using automated Registry Cleaners.
But the damage may already have been done.

If ever there was a machine, OS, configuration, and installed applications that was ripe for a Format and Reinstall... this might be it.

On the other hand, the machine is running.
It would be tedious, time-consuming and possibly costly to go through the process of downloading and reinstalling all of those games and utilities after formatting and reinstalling and updating Windows Vista Basic.

Depending upon OP's intentions (Maybe OP will be using the machine only for school work, office functions, and browsing)...
If OP wishes to continue with the same gaming activity, they might be better off just continuing as is.

But if they are moving away from gaming, a fresh installation may improve the function and avoid residual conflicts.

__________________

I don't know how to repair the Registry link for Paging File.
But Paging / Swap File pseudo-ram resources might improve gaming functionality.

What I would do....

Go to Start - Computer - (right-click)Properties - Advanced(tab) - Settings(button)
I would select:
"No Paging file"
apply
OK
Reboot.

Go to Start - Computer - (right-click)Properties - Advanced(tab) - Settings(button)
Then Select: "Automatically manage paging file size for all drives"
Apply
OK
Reboot

Paging File "should" then be addressed and available without errors in the Registry links.


So with that said, unless you feel you have any other issues you think are related to malware, I will close this thread. Please reply back and let me know.

Ken :)

Skeebz
2012-06-04, 03:19
I do still have one thing I'd like to ask about...this one is from my first post with Spybot Search and Destroy. Spybot seems to be the only scan that has picked up W3i.IQ5.fraud at C:\Windows\System32\AI_RecycleBin\? Is it possible this is just a faulty detection?

Thanks for the awesome info! =D Your help has been invaluable and on top of all things I've learned a lot ^_^. You guys really do an amazing job with these forums.

ken545
2012-06-04, 10:07
That file appears to be in your Recycle Bin. Empty it out and run a new scan with Spybot and see if it goes away.