Everything posted by balwaremytes

  1. It's still there. Tried removing it on the Extension tab but it still keeps coming back.
  2. All processes killed
     ========== OTL ==========
     C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5\META-INF folder moved successfully.
     C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5\components9 folder moved successfully.
     C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5\components2 folder moved successfully.
     C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5\components folder moved successfully.
     C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5\chrome folder moved successfully.
     C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5 folder moved successfully.
     ========== FILES ==========
     File\Folder C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5 not found.
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
     C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 69917555 bytes
     ->Temporary Internet Files folder emptied: 545329 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 5806283 bytes
     ->Google Chrome cache emptied: 238381096 bytes
     ->Flash cache emptied: 57856 bytes
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: DefaultAppPool
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 4182 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 300.00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 01092014_023314
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  3. Hello. Sorry for the delay on the reply. School is back sooo. btw it did not generate an Extras.txt so i'll only be posting OTL.txt:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/17 09:14:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/18 19:04:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/11/07 01:46:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/09/30 02:17:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/09/30 02:17:53 | 000,000,000 | ---D | M] [2010/09/27 19:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2013/12/27 22:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\an3ukoya.default\extensions [2013/06/30 07:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/06/30 20:03:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/06/30 07:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/06/30 20:03:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/06/10 18:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions [2011/06/10 18:22:49 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013/09/30 02:17:53 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5 [2011/12/08 12:17:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/05/04 05:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2013/03/12 17:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2011/12/08 12:17:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/08 12:17:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll 
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.8_0\IDMGCExt.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: PluginRichmediaplayer (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Disabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Garena Talk Plugin (Disabled) = C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Nokia Suite Enabler Plugin (Disabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - 
plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Google Talk Plugin (Disabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Disabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Talk Plugin Video Renderer (Disabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Attack on Titan Theme for 1440x900 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebjcpbckgdhefehkcfjeaddcjnkhlke\1.2_0\ CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: IDM Integration = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.8_0\ CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadkjnljmcmhlhlnajpnfebchgiemack\0.9\ CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: My Chrome Theme = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\ CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/11/07 21:13:06 | 
000,003,412 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 69 more lines... O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found. O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500..\Run: [DriverMax_RESTART] File not found O4 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500..\Run: [GarenaPlus] C:\Program Files\Garena Plus\GarenaMessenger.exe () O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputers = 0 O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDriveTypeAutoRun = 95 O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm () O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm () O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O15 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050482A2-E034-45BC-A1D5-03B7A8B3FF09}: NameServer = 202.126.40.5 10.198.220.124 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545}: DhcpNameServer = 192.168.0.251 168.95.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9016D0CF-CA81-4507-BE7A-CD0420DB5857}: NameServer = 58.71.2.8,58.71.2.7 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF48297-2B5A-45AB-AC41-9EADB9BFEDC0}: NameServer = 202.126.40.5 10.198.220.124 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010/11/17 06:37:37 | 000,142,336 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2010/12/21 10:42:30 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/01/05 23:41:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2014/01/05 18:13:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temporary Projects [2014/01/05 16:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v6.0A [2014/01/05 16:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects [2014/01/05 16:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005 [2014/01/05 16:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator [2014/01/05 16:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Mobile 5.0 SDK R2 [2014/01/05 16:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2014/01/05 16:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008 [2014/01/05 16:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions [2014/01/05 16:34:02 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2014/01/05 16:33:38 | 000,000,000 | ---D | C] -- 
C:\Windows\System32\1033 [2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0 [2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules [2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop [2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools [2014/01/05 16:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools [2014/01/05 16:30:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Visual Studio 2008 [2014/01/01 04:41:23 | 000,000,000 | ---D | C] -- C:\_OTL [2013/12/27 22:04:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/12/26 04:04:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2013/12/26 04:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/12/26 04:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/12/26 04:04:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/12/26 04:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/12/25 10:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\8aca19f1a27ddeff [2013/12/24 18:55:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MPC-HC [2013/12/24 18:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack [2013/12/24 18:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack [2013/12/22 15:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam [2013/12/22 07:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Integrated Camera Driver [2013/12/22 07:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Chicony Electronics Co.,Ltd [2013/12/22 07:36:54 | 
000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield [2013/12/22 07:36:23 | 000,132,864 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\System32\drivers\5U877.sys [2013/12/22 07:36:23 | 000,106,496 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\System32\5U877.ax [2013/12/22 07:27:57 | 000,106,496 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\System32\5U877.dll [2013/12/22 06:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globe Tattoo Broadband [2013/12/22 06:46:22 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys [2013/12/22 06:46:22 | 000,379,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys [2013/12/22 06:46:22 | 000,205,312 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys [2013/12/22 06:46:22 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2013/12/22 06:46:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys [2013/12/22 06:46:22 | 000,096,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys [2013/12/22 06:46:22 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys [2013/12/22 06:46:22 | 000,070,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys [2013/12/22 06:46:22 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys [2013/12/22 06:46:22 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2013/12/22 06:46:22 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys [2013/12/22 06:46:22 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013/12/17 17:05:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe Mini Bridge CS5 [2013/12/17 17:05:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013/12/17 04:44:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games [2013/12/17 04:44:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Pokemon Showdown [2013/12/17 04:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Pokemon Showdown [2013/12/09 00:00:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\mkvtoolnix [2013/12/08 00:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax [2013/12/08 00:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions ========== Files - Modified Within 30 Days ========== [2014/01/05 23:46:32 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cef3f99fd501a3.job [2014/01/05 23:43:46 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/01/05 23:43:46 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/01/05 23:26:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-500UA.job [2014/01/05 22:55:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000UA.job [2014/01/05 22:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/01/05 22:30:17 | 000,720,878 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014/01/05 22:30:17 | 000,146,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014/01/05 21:32:00 | 000,000,928 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000UA.job [2014/01/05 21:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000Core.job [2014/01/05 18:46:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/01/05 18:36:20 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-500Core.job [2014/01/05 16:51:58 | 000,000,257 | ---- | M] () -- C:\Windows\ODBC.INI [2014/01/05 15:41:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/01/05 15:41:16 | 1500,946,432 | -HS- | M] () -- C:\hiberfil.sys [2014/01/05 10:04:05 | 000,000,084 | ---- | M] () -- C:\Windows\option.ini [2014/01/04 23:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000Core.job [2013/12/31 03:07:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2013/12/28 17:13:35 | 003,794,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/12/28 04:46:59 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs [2013/12/25 02:27:03 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013/12/22 06:48:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf ========== Files Created - No Company Name ========== [2013/12/26 04:25:25 | 003,794,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013/12/22 18:58:46 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013/12/22 18:26:56 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs [2013/12/22 06:48:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf [2013/12/17 04:42:02 | 000,001,974 | 
---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk [2013/12/08 18:41:09 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cef3f99fd501a3.job [2013/11/09 01:49:18 | 000,000,084 | ---- | C] () -- C:\Windows\option.ini [2013/11/07 02:29:16 | 000,007,760 | ---- | C] () -- C:\Users\Administrator\AppData\Local\recently-used.xbel [2013/09/21 14:06:54 | 000,046,592 | ---- | C] () -- C:\Windows\System32\HPM1210SMs.dll [2013/09/21 14:06:44 | 000,284,672 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL [2013/09/21 14:06:43 | 001,167,360 | ---- | C] () -- C:\Windows\System32\HPM1210SM.exe [2013/09/21 14:06:43 | 000,167,936 | ---- | C] () -- C:\Windows\System32\HPM1210LM.DLL [2013/08/10 08:06:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/08/10 08:06:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/08/10 08:06:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/08/10 08:06:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/08/10 08:06:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/03/30 21:48:28 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/03/29 10:09:38 | 000,000,884 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol [2012/12/10 03:02:58 | 000,202,080 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2012/11/13 18:00:00 | 000,000,257 | ---- | C] () -- C:\Windows\ODBC.INI [2012/11/13 17:57:12 | 000,036,939 | ---- | C] () -- C:\Windows\System32\insrepim.exe [2012/10/07 12:21:11 | 000,007,597 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg [2012/05/26 16:56:21 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012/05/26 16:56:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012/05/24 20:17:23 | 000,000,000 | ---- | C] () -- C:\Windows\syconfig.INI [2012/05/24 20:15:15 | 000,243,712 | ---- | C] () -- 
C:\Windows\System32\libunic.dll [2012/05/24 20:10:20 | 000,000,013 | ---- | C] () -- C:\Windows\OemOut.ini [2010/10/04 10:01:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/14 13:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 13:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 10:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/12/22 02:54:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Ultra [2014/01/05 09:43:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMCache [2010/11/10 14:52:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson [2013/07/21 02:37:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garena [2014/01/04 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GarenaPlus [2013/12/26 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IDM [2013/12/09 00:00:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mkvtoolnix [2013/12/24 18:55:00 | 000,000,000 | ---D | M] -- 
C:\Users\Administrator\AppData\Roaming\MPC-HC [2013/12/28 05:44:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Rainmeter [2013/12/17 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013/08/17 22:57:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9D742B1A < End of report >
  4. Sorry, I won't do that. Rules say I should only follow instructions from the Expert/Administrators on this forum, so yeah, I'll wait for sir Borislav to reply. Good day.
  5. Yes, it's still there. I tried removing it manually now, but it doesn't. It's only on Chrome tho. I checked my Firefox extensions and only IDM was there.
  6. All processes killed
     ========== OTL ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
     C:\Program Files\Mozilla Firefox\searchplugins\blekkotb.xml moved successfully.
     C:\Users\Administrator\AppData\Roaming\uTorrent folder moved successfully.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
     C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 12108995 bytes
     ->Temporary Internet Files folder emptied: 119835728 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 16108899 bytes
     ->Google Chrome cache emptied: 260386194 bytes
     ->Flash cache emptied: 58079 bytes
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: DefaultAppPool
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 22794 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 390.00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 01012014_044123
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  7. post too long
svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{920EB1A8-13E2-464F-92A4-A03FB57BBF65}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{92D03FFC-B152-4E74-8B8F-B3EB64E26081}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{934915E9-C542-4E9D-A7A0-1589325CDEA6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9380F241-224C-4524-AAC3-7EB96C7EABF5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{93E167A8-9AEF-4CB8-B3B1-9E0B99F5F3F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9464AF61-D4A6-442C-B567-4ADD32CCA73E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{94ADA2C0-BE4C-48F5-A3CF-1630C1F769AA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{94D34F83-433D-4CCE-98D0-DD61C19C1B3D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{94EC0509-02CC-433B-985F-2D0A63831FAC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9505BA64-3E2F-4147-B6F7-A167589CEE6D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{95AB53EA-C288-4083-AAD7-221BAF30196F}" = dir=out | app=c:\windows\system32\svchost.exe | "{95C49CF9-E9CE-4097-A55A-DCDA6549B770}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{95E094A6-9A46-4AAF-81BD-06B15B5A9628}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{96B0D3CC-B1F9-47DA-BED6-8820316233AC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{96B2D1C1-4045-4DD3-A414-2D3662E461D3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{96B4E751-B965-411C-84FE-82823BF9ED04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{983D4877-0DF7-4C15-8ED0-FA90B67F3473}" = protocol=6 | dir=out | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{988A23D9-5360-4E08-9E9F-F913AFC203DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9A7B1B28-1C08-4882-A48E-9FD9994B1634}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9A861C97-EB13-4A4F-8A8B-6A32365FF220}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9ABBF043-AF0B-4CD1-B02F-7C3BDC939EA4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9AE24418-9EC2-41FC-A3F5-35F6587B349F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9B53AA22-1F8D-48D3-A7B6-2B578CC28F08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9B6EF2FA-4590-454D-92C4-15B3AB7E0FE9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9BEAAC79-9AE0-400B-A31D-16595CC48AEE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9C0F92B8-92A7-4D13-A780-2E30A215AE0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9C0FEABD-5EEB-4289-BEFA-9B01B9C0E62F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9C6706E8-FA39-4B73-BC27-2A6AAEE8D706}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9CA5F3DC-3DD7-4167-B6BF-5158F5C06E14}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9CC31776-9603-4A46-AB13-AE9ECC3CE370}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9D81F202-7996-4249-B633-F2227A138494}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9E0D0B89-4DDC-4964-A950-B970063CA9B3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9E5F40A1-CF90-4E2F-8F7E-450EB43B7383}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9EAC3DB0-F33C-4BD5-B9ED-86DCD7F2C635}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9EB06BF2-7E21-41A1-9C82-84329791419F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9F398D77-0905-4624-A753-5D932089D959}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9FA2B091-7941-4332-971D-D8BD45F679E5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9FE3DC63-88BD-44CC-A257-0454579A44AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A05596BF-F5BF-4966-899E-0E337376D7B5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A1178816-E0D1-4F27-9DFD-FCD226924E9B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A13925A5-49C8-46AD-A113-307B225808FD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A1A8199E-D798-48D5-ABFE-46E57FB5E885}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A2E391CB-7A0D-4978-8328-FF259EE3F082}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A322211F-1379-46E1-91EC-77372797D961}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A38D5E81-0EA1-4CF1-AC90-0359F0A6F0A1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{A3C85270-A976-482F-B0F9-A9704484F375}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A3F440D1-BA8D-4CD7-BCBD-84727D75FA46}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A43022E2-5137-4095-A39E-A0D128FDE3B3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A48ED24C-737E-44FE-8B3C-E321033A71DB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A4959BBB-F559-460F-92B1-6F1958B38DF0}" = protocol=6 | 
dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A4FC78C1-5033-4204-BDF4-428B1262AD8B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A55ED7D7-24F4-4B82-8E52-42B227204494}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A5843712-51DC-4655-AABC-CE43A8A28BB8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A5C9D7CB-55F4-4317-A3D2-745FA544BF68}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A63537DF-7282-4135-A502-209248A8A9C0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A7F93902-1744-4467-85FF-40B5304423BB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A8506A41-E753-4909-AD89-0954B040818C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A89A2397-7748-4C9D-BF1B-414196DEA85C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A8C09456-1428-47C3-92E6-F651B7B43245}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A93425CE-CB18-447B-9938-D1CDCAF6B974}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A9616B03-BA9B-4099-95C2-6565F90E407B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A9990BF5-3DDF-4F62-9E13-C6CBA7C4D827}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A9EBFAF2-736C-4F68-B646-A943A722139D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AB644473-7ACF-46B0-A493-BF21187C4E98}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AB94F10B-FE3B-4607-8779-5098AA79692D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ABF594E2-506A-40C6-AFA4-8C4E730C12DD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AC0C7450-9F54-4398-B304-3A949365C856}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ADFCA660-E830-4B46-B7B3-9DFAAFC1D702}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AE5F90B8-9293-4FA3-A15C-9AB8429CA9C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AE657AF5-6E95-4B9F-BD38-818823BC470B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AE697135-010F-4957-8692-3B8A077FE009}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AF0CB85E-CC4C-41CC-AC5E-9F37FD95153F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AF698687-47F8-489C-B8E5-8A3D7CDEA2A2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AFAAF330-F27A-4319-8C36-516E3EA86DAF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AFC26423-71F8-48A7-BCD4-3982653379DE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AFDE2084-AF09-412D-A479-E67784789601}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B0246FC7-3CBD-4B09-B6EF-B1870E6539A1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B06EB1F9-2F31-4320-B456-13F627E06B3F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B0EAC287-0E7C-4485-996B-A3864CF5A90E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B174669E-494A-4E1A-A359-CEBB39C5158F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B1DECC51-98A7-47A0-80BE-9BC89FF3B41F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B20485B8-822F-435A-96B6-3EFE9F958488}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B258D2E4-2A30-48F8-937A-543682FC9D0A}" = protocol=6 | dir=in | 
svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B28D69D1-F73A-4DAF-A2C7-51074597BEFB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B3432A85-5413-4058-9F14-F998F089675A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B398DC23-62DB-4395-8347-D3F4C8E766FA}" = protocol=6 | dir=out | app=system | "{B432B1E9-4F4B-4C08-B4CC-5C8552AA0188}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B4431E73-8087-405E-87F4-3149B83DA708}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B480AE7C-56DE-44B3-AAB5-8B70C99175DF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B4C487C5-4A3B-49BE-BD3B-19B0701F3255}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B50319C9-BF7A-4D95-8332-63FEF77D06AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B51B3F02-ADE1-409E-8074-CE504A9DF55F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B5888FE1-0146-4B49-9273-F54BA046E983}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B63DA53F-A2E4-47E3-BAB9-1D270A26DA49}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B685F330-7EA4-443C-A52D-1A5F0F174971}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B6ED70A8-8E4E-4484-8C8A-29983D0F1257}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B7139973-4035-4F8C-B7F3-7BB24C9D19EE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B738168D-F947-4F25-A458-30F2CE2766C0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B79570B7-C903-4046-802D-7D0A9149F10F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B822EB3E-6BDF-454C-AA5A-816D722B9EC8}" = 
protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B91E9E87-EAA7-48B4-91E2-580ACC1F11ED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B94ED570-D5DB-4FC6-A9F5-3D9DCEE1E5A4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B9B92938-C0C3-4392-B21C-86FE6AE556DA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B9ED4572-8D0C-4FBC-9B99-0C481982EA98}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BA174189-4199-447D-9F89-7C835DB64363}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BA3FE77C-68EB-4DA0-B131-56E120C84C2B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BBFB88C1-86E3-436E-BB1A-B14DE549863D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BC84781E-68DE-4F16-9616-990CF7251AC0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BCC39A1F-1E3D-4EC1-A349-2FB1DE8C258C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BCCA94DA-0289-45CF-B442-13AA48913829}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BCD6DF26-E7FB-437C-B4F1-5FF12ED13437}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BD094DD7-F2D6-44B5-A402-D4CFDEF21237}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BD291778-CFA7-4CFF-9EEB-B9655BFAE629}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BDFF06B5-E3B5-4ABA-9270-827F548A336C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BE2A0E7C-C299-4E8F-A276-65161603D7D0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BE46B037-A288-4F67-B31F-F40887A94C56}" = protocol=6 | dir=in | svc=wcescomm | 
app=%systemroot%\system32\svchost.exe | "{BE8CEA1F-3622-4C6B-BEA4-C353A86C6F98}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF2D12E5-2EF8-4BBD-9022-DAD62C621EB9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF4877AC-37D7-40FA-959B-2BDCC89622DC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF613F96-9106-4BDB-BFD0-002668FCB5D8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BFF7DEE0-B2B9-43BF-B4B8-C1F775972132}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C054BB57-F63A-4F87-9CF2-0BF086CE6F56}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C05BCE50-25F3-4A36-A280-DE1A4D571027}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C07667EA-0556-4B95-AA9E-E524A8AA9AE8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C08468AB-36E3-4B6C-AC0E-A9F2E164770C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C0A680AC-7686-412F-99D3-0A8F62EA452C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C210405A-0C2E-461A-B8F8-4650D976255C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C24FDBD1-009B-4D92-92FE-59586E7DEA9F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C3055982-1363-4144-8C20-C6A791F46EC5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C3482AED-7B0B-43D0-A569-683D9AE75DFD}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\google\google talk plugin\googletalkplugin.exe | "{C349E882-2D37-4252-8590-D59D851B4EE8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C3812E0F-DB56-46CE-A1C5-A1602711582B}" = protocol=17 | dir=out | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{C3C88132-CB62-4BBA-8631-977A7FD89DDA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C423AFBA-7143-4054-97CE-D0D3445764FF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{C4489412-4789-4C96-8E48-12C811BCBD0D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C58BF360-CE99-4A5E-846B-7CD9FBC86555}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C62A9FA7-3D24-4520-A3AA-04D8F6A8F920}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C638BAA8-DB87-424E-83C0-290B538DAFF6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C6AF5594-FE04-4546-9D41-C39939D0F614}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C6C3C4CA-9CD9-47AB-B1AF-9D75A3511455}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C7186269-4857-4D0C-876F-44332F2CBF99}" = protocol=6 | dir=in | app=c:\program files\connectify\connectify.exe | "{C736B6A5-E68A-4292-8801-FA8CB6839C37}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C751BB1D-824C-4F5C-9A84-8545049DD050}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C770E3EF-6626-4B25-A5FA-168750AEC92A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C77A3116-ED9C-4731-B055-477605B35711}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C8229FCF-CE40-43F8-83E2-EAAB5424D1AA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C8558EA1-AB1C-46A8-8CB2-AE2EA24ADC81}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C8938FFE-25A0-4196-971C-D46E89D8B7A6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C97ABE51-1027-462D-B02A-B916240C6ACC}" = protocol=17 | dir=out | 
svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CB42141D-13A0-4B29-A5FC-F630DA9368AF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{CC0E8BDF-4D8C-4961-B13C-5C954295AB22}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CD0EB07C-3481-4930-90D5-4FB0E1725C2A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CD4627C5-30D9-439D-B831-40DB2092DA10}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CD63BAC4-0378-41F1-92A3-6CC8E262DEAA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CDF230D0-434A-4FEF-9D2E-2A7B7F510121}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CF157967-1B07-431F-8254-C4A4E1984501}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CF4515E8-FCBC-4987-A76E-9B322F95C043}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CF7477CA-F27E-4E5E-87AC-FA43C3013CB5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D048A931-92CA-4DCF-8011-71F7E314EC9E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D05036D9-377B-4EA6-A2D4-417D715D16C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D0560AF9-8E6E-4E65-84A0-235894D0BB47}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D09360D2-24AE-43D3-8689-9B8B69B00F65}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D0A68A7D-9788-493C-91CE-710051268CC0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D1310BC6-72BF-4709-97A1-849ED7B4DC77}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D1F89C0F-CF7D-4D21-B0BE-958D5BB18999}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2358FE8-CB20-4406-9F8D-0671D530D504}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D257A729-9D63-48F2-AE8B-9C57835CE16A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{D2A29474-4DAB-4023-A332-B6A4522A06F1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D2D0457E-0A87-4808-9A39-30EAFC980E8A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D2D4998B-F5DF-47B9-8C6F-95BDB0D306E8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D39B3095-593E-417A-A55F-D1C21303A519}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D39C7388-F9A2-4136-BB37-EABFD60E2FCE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D41658A5-5EAC-441D-B86D-D7E32B081C4C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D4D90B1A-71EE-49CB-AB34-DCAD879F19E5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D540184E-07AE-45A0-805B-482C660466CF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D65FD456-56CE-49F5-9B82-170D1A09E79A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D66BE608-DB88-4905-8675-D4156554EDC7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D6E08A3D-DB80-457E-B5FC-7DEA3FC90D66}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D6FB6533-9EDC-40C6-B7CB-0991D7C2CF81}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D6FE8A79-04E1-4D27-945C-DA7E8E9D4279}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D8AEE10A-4EEC-4C6E-8497-CDD25834D287}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D8FDA8C1-C91D-4C4E-93F8-2FABDC46A824}" = protocol=6 | 
dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D93B2D88-6B74-49A7-AEF9-EB8A1C679232}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D9729AF5-E671-4C0E-BB86-20AF1861B268}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D9C5C4F2-385E-448B-8ED8-C10EC22A04AA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D9E97EB1-F13E-4E03-B62D-074C0B2B991E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D9EEF33E-FA94-4B9D-98C7-00F5920EAE59}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DAE89212-2BAC-4A1D-85BC-D0F74F3B4849}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DB156D0E-3226-4EA1-B97E-833A520672A8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DB498EF5-ED4F-4BA5-9573-A63EE5363A3A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DC248E76-ED06-4A1A-BE67-E54F71738ACD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DCB42E58-57DC-4F69-A194-09175FDB07BB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DCFDE543-DAF5-4BF4-A8A7-A4EA5DFC8C2D}" = dir=in | app=c:\program files\garena plus\ggdllhost.exe | "{DDF6EE14-29A3-4738-B706-838C84A02D81}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DDFEDC0B-C8B6-451C-A1E7-8A1603A7CEE0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DF4CC2B9-D44A-45A6-BC0D-A26177A6ED41}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DFA9F8A4-FAA3-4E9E-B66A-281B78CFE8FC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E0C45CEA-5F5E-429F-AFA9-BA5739E36932}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E10A6690-4112-46E9-8CAF-57A836CE05E7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E1104261-F420-4E6C-BB35-9F4F72FA7BAD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E200FC9D-60A2-4AC4-9244-FB7D03E72317}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E23239A5-E3B6-49B6-BFCB-E52760D2C3BC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E238663B-B49C-49B5-86CF-96999BF0354B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E2D6F723-6775-413D-90C0-A2E8C2A9F682}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E2E8925E-18BA-44D3-981E-1EE13399964A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E30A2E00-08FD-40BA-AB5B-2F71D63A8369}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E330FBFA-1A12-4C35-B9AE-547029FD81AB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E4179975-E3BB-47A5-BE05-C04355C72D8A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E4280D09-5207-405A-B8FB-DD95852C47D5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E4E0A5EA-8866-4520-A3EC-4760BA4062BB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E500558B-D6D2-4A54-9BAE-C9A68D658229}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E5940590-07DE-4CCC-AD8D-4122EAAF441D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E64CBD39-AF41-4961-8D4D-0923203F87BE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E6F58506-70E4-4A33-83F4-0DF0F4F7AC11}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E70543FE-AEAB-4E28-9BEB-EAD10E415C73}" = protocol=6 | dir=out | 
svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E73E2018-A470-42EB-A2C3-AB3DD92AF041}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E84DB5F8-2336-4604-828D-AA8D191084D5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E858DD14-6530-40D2-808F-34C3147CC0CA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E947873F-EBF6-42A5-AFA0-47605A93EAE6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E94A8662-51A1-4BCA-AD28-9FED185188B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E98E310D-3FEB-4E64-A371-35285307A897}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E99B8F48-0E98-47D2-82B6-F028FE3029E1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E9C6C9EB-4FCC-424B-B29C-9759D46C4AA7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EA1260CD-4CAE-40EB-94C6-0152C9541D12}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EA9AD63F-C658-4C46-A9D9-11AAEF5F0A86}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EB283C9C-F154-4865-A07F-E6704CA26F85}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EB971337-7582-426C-B3C9-DE0257CBAD07}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EBBA75EF-5C47-46D0-8E15-3B15CD15B41F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC61024E-C5D2-40CA-8115-C8CD7A9F746D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC99929D-55EF-48AF-8256-3FC37F5C91F0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ECEFE32F-CA72-4F03-AAF8-606F94342D78}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ED47D00A-DBD4-429A-862F-06E2B75C29AF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ED581A53-17AB-487D-B88C-25BD7A721086}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EDE16FEA-81E3-43B5-91BE-0C4E40A0FE54}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EE8761DA-5F93-4FC3-857A-930F0E3FA486}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EEB1CD09-1C0D-470F-A16D-F354A3E27956}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EECD3F9D-8CAC-4461-81F9-0EF75AF540BF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EECD7B17-4F0F-430B-BB0C-2F76CE3D2B45}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EFBAF1AE-9BBA-4816-B9D1-45475B509B5E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F00C3D81-259D-4313-8430-D0C6AB8E7DD0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F028504D-FA3D-4751-814B-041B893414AC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F0503810-E1B1-4769-81E2-53658277D4BA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F0A3677A-B6B6-44C8-9AE7-A156CCF2D447}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F0C2077F-C639-48B3-BEFC-42CB16A6F8BA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F22CD9AA-31A3-4C68-8ED4-30D5F739EAA7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F2B6F376-0455-41CC-A931-DADE3164FDF5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F42CBDB2-8F27-4650-B6C2-83D9D58AB282}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F4A3D663-4200-4137-99A9-5A3AB227AB52}" = protocol=17 | 
app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile"{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}" = Google Talk Plugin"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86"{6DCA86D6-F197-41B7-BD33-43E32A15A41E}" = ESET NOD32 Antivirus"{84374A47-1DF5-4013-90D4-1288819869B1}" = Microsoft Mouse and Keyboard Center"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007"{90120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera 
TWAIN"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.0.1.9"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"CCleaner" = CCleaner"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-11-27"Connectify" = Connectify"DAEMON Tools Ultra" = DAEMON Tools Ultra"Defraggler" = Defraggler"DMX5_is1" = DriverMax 7"EPSON Printer and Utilities" = EPSON Printer Software"EPSON Scanner" = EPSON Scan"ESET Online Scanner" = ESET Online Scanner v3"Globe Tattoo Broadband" = Globe Tattoo Broadband"Google Chrome" = Google Chrome"Internet Download Manager" = Internet Download Manager"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center"Pokemon Showdown" = Pokemon Showdown"Rainmeter" = Rainmeter"TeamViewer 8" = TeamViewer 8"Unlocker" = Unlocker 1.9.2"Winamp" = Winamp ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 12/29/2013 3:36:01 AM | Computer Name = AFMNLSLROPSXX20 | Source = SideBySide | ID = 16842785Description = Activation context generation failed for "c:\program files\innovative solutions\drivermax\DPInst\amd64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 12/29/2013 3:36:01 AM | Computer Name = AFMNLSLROPSXX20 | Source = SideBySide | ID = 16842785Description = Activation context generation failed for "c:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error - 12/29/2013 10:25:06 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c Exception code: 0xc0000374 Fault offset: 0x000c3873 Faulting process id: 0xd08 Faulting application start time: 0x01cf045da6be6b74 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dllReport Id: 02ea1fe2-7095-11e3-b721-001e101f36d9 Error - 12/29/2013 10:29:39 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7 Faulting module name: btwapi.dll, version: 6.2.1.800, time stamp: 0x4ac6929e Exception code: 0xc0000005 Fault offset: 0x0004df41 Faulting process id: 0x1aa4 Faulting application start time: 0x01cf04a1d9381a0d Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Program Files\ThinkPad\Bluetooth Software\btwapi.dll Report Id: a5a21a23-7095-11e3-b721-001e101f36d9 Error - 12/30/2013 4:19:23 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c Exception code: 0xc0000374 Fault offset: 0x000c3873 Faulting process id: 0x1b98 Faulting application start time: 0x01cf04a26bdf99b6 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dllReport Id: 1664e52e-712b-11e3-b721-001e101f36d9 Error - 12/30/2013 4:22:22 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7 Faulting module name: ntdll.dll, version: 6.1.7601.18247, 
time stamp: 0x521ea91c Exception code: 0xc0000374 Fault offset: 0x000c3873 Faulting process id: 0x105c Faulting application start time: 0x01cf0537ddf74b5f Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dllReport Id: 80f0a010-712b-11e3-b721-001e101f36d9 Error - 12/30/2013 6:15:25 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000Description = Faulting application name: IDMan.exe, version: 6.15.8.3, time stamp: 0x515ebba9 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f Exception code: 0xc0000096 Fault offset: 0x00048665 Faulting process id: 0x1c50 Faulting application start time: 0x01cf0547e1eaea51 Faulting application path: C:\Program Files\Internet Download Manager\IDMan.exe Faulting module path: C:\Windows\system32\ole32.dllReport Id: 4c10246c-713b-11e3-b721-001e101f36d9 Error - 12/30/2013 6:15:26 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1005Description = Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Internet Download Manager (IDM) because of this error. Program: Internet Download Manager (IDM) File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. 
At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0 Error - 12/30/2013 2:01:15 PM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000Description = Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b9138e6 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83b16 Exception code: 0xe06d7363 Fault offset: 0x0000812f Faulting process id: 0x940 Faulting application start time: 0x01cf05891a87ef9f Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dllReport Id: 5f8112b7-717c-11e3-935c-c80aa993c49f Error - 12/30/2013 2:01:15 PM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000Description = Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc89a Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722 Exception code: 0x40000015 Fault offset: 0x0005620a Faulting process id: 0x56c Faulting application start time: 0x01cf0589178b972c Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dllReport Id: 5fbc951d-717c-11e3-935c-c80aa993c49f [ System Events ]Error - 12/30/2013 8:48:01 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 31004Description = Error - 12/30/2013 8:55:51 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 31004Description = Error - 12/30/2013 9:02:00 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 31004Description = Error - 12/30/2013 9:03:27 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 
31004Description = Error - 12/30/2013 9:07:10 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 31004Description = Error - 12/30/2013 10:04:09 AM | Computer Name = AFMNLSLROPSXX20 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error - 12/30/2013 2:00:59 PM | Computer Name = AFMNLSLROPSXX20 | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect. Error - 12/30/2013 2:00:59 PM | Computer Name = AFMNLSLROPSXX20 | Source = Service Control Manager | ID = 7000Description = The Globe Tattoo Broadband. OUC service failed to start due to the following error: %%1053 Error - 12/30/2013 2:01:02 PM | Computer Name = AFMNLSLROPSXX20 | Source = SNMP | ID = 16713180Description = The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. Error - 12/30/2013 2:01:26 PM | Computer Name = AFMNLSLROPSXX20 | Source = Service Control Manager | ID = 7034Description = The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s). < End of report >
  8. Extras.txt OTL Extras logfile created on: 12/31/2013 3:10:24 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.16428)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.86 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 42.52% Memory free3.73 Gb Paging File | 2.52 Gb Available in Paging File | 67.54% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 298.09 Gb Total Space | 3.52 Gb Free Space | 1.18% Space Free | Partition Type: NTFSDrive E: | 32.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: AFMNLSLROPSXX20 | User Name: Administrator | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation).hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation).html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = Reg Error: Unknown registry data type -- File not found"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings 
========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 0"DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0173B409-67AA-4D1B-BA4D-565949786767}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{01A97EEC-9FBB-4A18-A30E-D02340B97236}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{01C77E57-C285-4321-9B86-1A137525C211}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{01D2B0F1-41EA-4B2E-9572-C99F8C305F3C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{02075B43-6282-4EB9-84AD-F46EE2E5262E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{02294E59-5EA7-4107-8870-6B121ADD3860}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{024F1A33-C027-43F6-9698-4E7C17F0FFE1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{02CF7C48-75DB-48D2-8F01-2FE1106D52A8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{03728E74-D48F-4224-9603-4B2678093CEF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{03EB1BDE-7F4D-4F63-BC30-25E10B43FA82}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{03F0C701-16C8-45C0-9989-CE80B968FA87}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{04FC6C29-5903-4B4C-9A22-859AFCD496F3}" = lport=138 | protocol=17 | dir=in | app=system | "{053C850F-3FD6-4D43-AC43-3D00C45E3DE5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{06A69858-C543-48A7-8C51-1689DA7C2241}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0747EE68-E73D-470B-A199-E873A79BD24D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{07E63B35-9ECC-489D-A65A-0609039ACDAB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0810CDD6-AE5E-4B95-B571-8C54F718377B}" = lport=139 | protocol=6 | dir=in | app=system | "{084A5113-90D7-49FA-BC66-D620B4A7B3D7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{08BC8ECC-01BB-4D9B-BBFA-262268B8A7DA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{08F9D5D5-9BBD-44AA-9B3E-5C16938E0E21}" = lport=26675 | protocol=6 | dir=in | 
| protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{3E4883B5-BEB1-409F-8375-1DD5C9C96B2F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3FBD063B-419B-490A-93DD-53248489F027}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{41EE4D81-BB31-459C-B486-03BD967D3E69}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{42A2246F-91B1-4FA3-AB06-D43F1CEAD581}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{438B4EE6-0756-489F-B796-FFD29DC2E974}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{44C40A3F-A175-4C83-93D5-31255E9064C3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{45409A6C-89F0-47C1-B589-4FECB719F14C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{461E1F9E-F382-4463-830A-1FC3AB3C5716}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{48BDFB7D-3A11-411E-B326-6ECFD9D32709}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{49033634-83B5-4BF3-9B1F-1EADB4377026}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{49528235-27A1-4838-9CC9-BEB66F055080}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{49AABEC8-5B5D-4DA8-9026-448D1546CB0D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{49D9870E-BD98-41A2-88E6-5D740E00082C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{4AACC1F6-5423-4F85-A2D9-ACD91F00CC23}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4B050F43-B45C-46A5-9D2E-3826BB4BDB19}" = rport=2177 | protocol=6 | 
dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B3CE2CE-8DBE-4379-B68E-55D043115B5D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4CEA4B74-464C-43A7-9656-E6A428BAEE08}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4DC5985A-B925-4DB7-8D1C-65D56FDB5AA0}" = rport=138 | protocol=17 | dir=out | app=system | "{4EB51FC6-EB18-4ED7-8427-A13A7EA347A6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4EE96DFE-0A1C-4C3C-9B3D-3C84C3A545BA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4FCCA625-2F81-4B74-981C-A11BB42564CA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{51630D1A-2127-4A15-A358-ACC263F5695E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{51B9334D-A126-466A-B281-787517E8B0AD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{549B1F2E-EA7D-4985-BF5F-7EE9F030C4D4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{54EA182E-D516-4550-9C94-CDCF48423EEE}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{5545C1C4-EC91-41A1-B10C-3BA2536CFEB5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{5550C57F-2006-4E8E-8D62-E75DC779E142}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{55805CAE-C896-403C-8E71-909A6C96B287}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{56745E8A-0DD8-4A21-8AE6-8A568BE3E6FD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{574D6BD4-D15F-4F29-B13A-26111782E6BE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{577963EE-657E-44D5-82B9-04417ED60503}" = lport=1303 | protocol=17 | dir=in | app=c:\program files\connectify\connectifynetservices.exe | "{578E2CBC-CE5F-4D15-8E08-AF642ECA3D2C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{584EC797-9021-460B-84B7-0235EA59D691}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{587BDC4C-6FD4-42BF-8995-6621553D14D3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{59396211-DBDC-4CEE-8F39-D1B5D1898441}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{597AB8F5-C333-4372-B22F-8241E4CBC9C8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5A2D00CB-5D2C-416C-BC02-B5269C3D2E0A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5A8D19CC-CB69-424B-B2A3-212611D07D8E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5BB7DCC3-BCCB-4264-8A93-F28FE300690B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{5C13D7DC-CE31-4BB9-8132-CB55FF2DDF9A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{5EBAFF8F-A2BC-4C02-B163-C686D0646BAC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5F4AFFE9-B9B9-4544-B235-10249AF516D1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{60A08330-5148-4073-8094-C291C0B12502}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{60AEEE43-0EF8-49A6-A975-D9CE89FF16EF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{62260C47-8F05-40A6-A4A4-A655267E13D1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{627E06E6-1975-491D-B176-907DF46A789D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{63D6A3CD-79B4-4AD3-8548-34D7AE345256}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6467C5B0-B6CE-46E3-8A65-8D680A0C7216}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{64AF3AE2-A7D7-4330-9E1F-6E57B9556266}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{65AD3EC6-A262-45AE-BFEC-5031EC8D4701}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{6791DEA6-1611-4150-B009-C5125BE01EAC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{67DC91F9-B339-4BE2-92AD-E9447A6AEFC4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{67F0C9B5-3646-4706-8BF0-D7B401EF06C9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{67FBD1E5-F819-4CA2-8E7F-B6967C0EA173}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{68F54EC9-CDD3-4E6D-B5B8-EAD7899D4AAD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{69D125D6-1F66-4E04-9942-D561C6D710C4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{69E20048-2536-4F27-82BC-668AED49D9F7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6AEDC011-F9DA-47C6-BBF2-47382B18A2F2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6BBE291A-BD0D-485B-8FB8-CC8634CF597E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{6DF4851F-476E-4BC7-A667-0960688C9E68}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{6F5F25FA-6F9B-4E11-A7B3-9EFD2E8A9727}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{6F7A813E-3964-40D5-BFDF-B58B64912C04}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{70A99603-725E-4108-9557-5B4B05F8154D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{70DCB726-56D1-4F8A-BFAC-0D518CA8D9A8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{715DE8F2-FA37-4E86-BF4D-AF16D922B90E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{736E874F-40F1-4838-8698-20BD8A050A7E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{73AF2DF0-209D-4B39-A9CE-2087ECAE41A5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{73F32BDE-13A9-4EB0-87D6-825F83F6C9E7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{76015735-18AF-42A1-A5D5-A0342FEC8B28}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{764874F8-451A-4041-8F8E-3116A8160711}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{764A9118-0B19-4020-9B0A-458029D96E58}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{76C49BD0-E9D5-4E0C-AE26-E22C93B89D0F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{777689EE-6C0B-497E-96A2-DABCA322F2D8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{7813F2DA-A6D0-4430-8FCD-BDF792C49EEA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7830D9D5-36BA-4C26-B496-06F3F9134C68}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{797246AC-77FD-42C6-A7A9-1F3E3D627E30}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{79CB7C42-917B-49E2-8FD2-CD7DD2AD5886}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{79D237DE-E8E7-46E2-BCD2-EF55310F70B3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7AF55974-BEDA-4452-90CE-4DF087E7B6FF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7B5D2C88-EF37-4C69-9B59-D9CE4F833B63}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7D92E255-320E-497A-A022-D47F044D78CD}" = lport=10243 | protocol=6 | dir=in | app=system | "{7DF5510F-D6E1-4570-A0F6-F5737D358F5E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{808B1AA8-8CE9-4C1B-BC2F-5411835B43B8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{80978CEC-9A17-49CB-BF8D-DE9862C999C4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8134CE2E-8615-4EDE-B50D-3F17F4BE6F81}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{81C751B2-5E20-4FFA-BE92-B18CDD8DAB66}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{81E10CDB-5027-4867-9CD6-400849AA118E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{822DC30B-83AB-446B-8B1E-414F305488DF}" = lport=2869 | protocol=6 | dir=in | app=system | "{824ED760-6116-4089-B8E5-E81D33BF8D24}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{826C653C-5FFF-4E91-ACFE-F8F4BB7953E5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{82C47420-978C-412B-84E7-6A73C45F84B5}" = 
lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{8395A20B-4624-4216-815C-12A82CF29E9A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{83FAC94C-ECB3-4E74-B11C-A49091DEDD47}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{84D34152-75E8-4F03-BE19-96EAC0364599}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{85639D94-4273-4248-A9DB-F17B19C04271}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8591248F-12F1-4892-B143-0CA91AB14CBE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{85C19181-3DE7-4074-88CB-6AB39DC1082E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{865E8341-BAE4-4A80-8799-DF4C9B4C1D41}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8776C882-3710-4AF2-A170-BF9B9E5B2EC0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{879DFEBD-F6F1-411D-9DE4-1DDBFFC684C1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{87D99353-776E-4027-8C28-A8D5806067C5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{8813AAB5-123A-41CF-8AF0-E622FB9F15EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{88EF34E6-1C85-40E0-A17D-5D2577A144C8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{890E4A18-68E0-4FF4-B30C-74D95CB3A056}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8A2D9B27-AB1E-4097-85FA-3F6AD8C68DE8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8A4BB6D5-5799-4723-9AD1-D7DC315171CD}" = lport=5721 
| protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8A50C739-51A9-48E8-A80A-FE5A89670415}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8A82867C-48B8-44B1-A015-82DB6AE3BC3C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8AD18F09-BD82-4D75-A00A-A89C849BEA0D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8AEABF58-7285-4EAA-8A81-1D53BDBD1504}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{8D2635E1-1499-4335-90AD-1180DA3C3B30}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8E38B77B-67F9-4947-B709-9BC5AFCE5FED}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8FE0265B-F02C-45CD-8585-D21CDE3E75FD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8FF03619-08DA-4506-9391-95BBF2611526}" = rport=10243 | protocol=6 | dir=out | app=system | "{905F7E0C-37EE-48CD-AEF0-5AD0F0AD6AA2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{912D7A90-62C4-42D1-A41F-CB3D2D969112}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9385E1CC-2B24-46B6-BA70-EF16A96187A5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{938F8F16-91B1-4EED-A685-6AC40883CE74}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{9558AA5D-46EB-4137-82AC-303D8249E3F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{956828EB-82FB-42E6-A63A-92E7726F772D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{96D1A032-7127-4171-9C97-3A9B47B34228}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{96DD4782-7105-4A2C-B532-34979FDB7CA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9769C8E2-1DB1-46A1-8EBB-0562836165DB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{9869C5E9-BD6A-478A-8C77-55097072C3FB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9A134DA9-812F-4075-BC8A-C32507B913C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9A15BAD3-E887-4566-8464-8BFC534DAABE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9ACD4DFE-C97A-4D18-9303-08727799697D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9ADF755C-A069-46B3-91B1-4ED7185F7170}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9AE411AD-50D6-4198-B0CF-29865DE5FF68}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9B424388-322A-4FDD-940F-042BBCECB292}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9BC77D37-7E26-40B8-B1AA-1E8E22DDD750}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9BCC0916-E0E0-4E40-9F34-4241E1408FDE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9C54754F-D376-471A-B27A-33624968238F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{9C573F03-6E78-43E8-817A-DAADA8285DF2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9D671E8F-BFEE-439D-90F7-209BE89ABD15}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{9EBDC97C-9819-4015-8158-1DF7B83E21A6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{9EE1CC89-A3F0-44CE-BF4C-CDDC50410718}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9EE4B71C-793B-4923-9619-8CBD3953D26C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9EF1E3E2-065D-4D5F-AA88-DE089CEE3A66}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{9F7E328E-6E66-453E-A80B-79CFCC2924C6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9FD9B1F8-87C3-4B8C-A566-E4C2F8777A05}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A0B5F52D-4C20-44E2-AD5C-DA31BD44DA28}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A25E63D0-BBFF-4367-AB3A-A3D138CDA1FB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{A27E8050-4ADE-4BBE-BE2E-BCAA611EEC6A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A4397DFE-2E3A-4FA9-8468-79A60D9F69D0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A450528B-D4D0-44AD-BE14-44407AE54F0B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A47E070C-5EB5-4F47-939B-C633778F0896}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A4B9DF84-BE11-4160-96EF-9C87EBABCBE7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A4D04FF3-9038-43A7-9786-031EEE505FDD}" = rport=2869 | protocol=6 | dir=out | app=system | "{A549CCCA-2D30-406E-982D-1D5B7FBC7156}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{A575EF02-B8D5-4164-91B5-B899383A2F28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A61D20E5-34D5-4CEC-8940-049363C7E1B1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A6AA60C9-C10E-4BAA-AD59-11C4D7F90C5E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A70503E3-8E3C-423C-B545-5C4A1DBF3F4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A7326D35-8723-4C98-9D23-262560916AA7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{A84C1CF0-4E37-48A8-A6A5-BCD23C14D7FB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A89301FB-CFFE-4854-8A4A-9DD987C7E392}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A8D8DD6F-64A5-486F-8F7D-CB4C395A1C8A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A9070419-DF72-4E88-8370-C72E04214252}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{A9538F24-D88A-4140-915C-9D26A825E3B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A979E413-5818-4FD5-88A5-BA0337A6545D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AA60BEDC-0A1C-4C72-8630-F245278B8886}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AAB0F1EF-2126-4222-A9F2-F8ACF03BF073}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AAD161D1-1743-447C-9A8C-5E243F9E9916}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ABC38545-83B1-4B90-9D07-57076C0C6DBC}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ACDDB4CA-FB73-4A62-A663-316A1F5391CF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AD061D10-4809-40B3-BBA3-5C4CFC1007ED}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{AEB43045-6742-41D1-AD15-CB239CED6688}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{AF632E83-F0BE-4774-BE6C-438A06558F62}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AFBF6817-E181-4A05-B554-F37762DB5146}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{AFF91CEC-7F44-4DD3-A030-0CC8F1A2EF18}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B0A11E3E-332C-40A8-A743-21566F715601}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{B21FEBB7-663C-460B-B27B-EDB18B8E1EAE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B29D8F29-692A-41E0-BB77-37598A2593D4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B2B3B487-B3ED-4F88-9EF3-E7034FEA292F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{B2C12581-4E84-440F-9A21-7440C22F11E0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B32A30D6-2421-433B-923A-88D5E8F94728}" = lport=137 | protocol=17 | dir=in | app=system | "{B3E4B956-900C-4379-86E6-CBE91DE7A769}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B3FF3B13-1F5F-4846-8086-DD86A11B41A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B465238B-76F1-4261-B41F-4157D7918FD6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B4788EB8-2315-47E0-BC27-C39C44398944}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B50945A8-724E-4768-8A77-0334486B292F}" = 
lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B5475EB9-9FCB-4ECD-9B91-289319AA9488}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B595236D-1E39-4396-B4E3-F6D60DC79388}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B6CB085A-B01A-4C6F-9D36-0D6D16F9EE56}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B74F5BD7-4C62-4D55-8A03-708C809A92C2}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B86D5E0B-D9D6-47AC-8709-32FBB428B014}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B8B353E6-3DA7-498D-838A-9E74E615B1DE}" = rport=137 | protocol=17 | dir=out | app=system | "{B8FE71DC-9E3F-4BAC-9F34-3046027C1199}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B942B85E-D1F9-4A5B-A76E-93E4A4F31A47}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B967E7D3-4620-4419-88ED-1420F3E72356}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B98AA951-6507-42C2-9FDD-5DC93DF4BB98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B9F07ED1-C5D3-49B4-9B49-31BDD3C0C70D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{BBAAAA44-F263-432E-9F58-C5AD65C1A54F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{BBB8C7A7-4FDC-47E0-AEB6-E3FA4F16F2B0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{BC0A26ED-76FD-4DFF-9911-81072408DBAA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BE03CB37-40DE-43C0-A45A-D236A3637E33}" = lport=68 | protocol=17 | dir=in | 
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
  9. OTL.txt:
     OTL logfile created on: 12/31/2013 3:10:24 AM - Run 1
     OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
     Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.11.9600.16428)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     1.86 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 42.52% Memory free
     3.73 Gb Paging File | 2.52 Gb Available in Paging File | 67.54% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
     Drive C: | 298.09 Gb Total Space | 3.52 Gb Free Space | 1.18% Space Free | Partition Type: NTFS
     Drive E: | 32.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     Computer Name: AFMNLSLROPSXX20 | User Name: Administrator | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2013/12/31 03:07:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
     PRC - [2013/12/22 06:45:14 | 000,515,072 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
     PRC - [2013/12/13 12:24:09 | 009,890,608 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
     PRC - [2013/10/30 05:45:00 | 000,036,024 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
     PRC - [2013/09/12 13:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
     PRC - [2013/09/12 13:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
     PRC - [2013/07/10 20:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files\Garena Plus\ggdllhost.exe
     PRC - [2013/05/10 16:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     PRC - [2013/04/05 14:58:00 | 003,573,624 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
     PRC - [2012/12/12 22:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
     PRC - [2012/11/30 11:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
     PRC - [2012/11/23 11:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
     PRC - [2012/11/12 14:59:15 | 000,657,504 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
     PRC - [2011/09/30 03:10:18 | 000,277,832 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe
     PRC - [2011/09/30 03:10:08 | 000,069,632 | ---- | M] () -- C:\Program Files\Connectify\ConnectifyService.exe
     PRC - [2011/03/15 00:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DataCardService\HWDeviceService.exe
     PRC - [2011/03/15 00:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
     PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
     PRC - [2010/05/12 19:25:00 | 000,075,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
     PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     PRC - [2010/04/20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
     PRC - [2010/04/20 14:23:28 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
     PRC - [2010/04/20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
     PRC - [2010/04/07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
     PRC - [2010/04/07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
     PRC - [2010/03/18 13:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
     PRC - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
     PRC - [2010/03/06 01:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     PRC - [2009/12/21 19:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
     PRC - [2009/11/24 14:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
     PRC - [2009/11/11 18:33:10 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
     PRC - [2009/10/02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
     PRC - [2009/09/09 06:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
     PRC - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

     ========== Modules (No Company Name) ==========

     MOD - [2013/12/27 13:56:44 | 000,027,952 | ---- | M] () -- C:\Program Files\Garena Plus\VersionModule.dll
     MOD - [2013/12/22 06:45:14 | 000,515,072 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
     MOD - [2013/12/13 12:24:37 | 000,896,304 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\ggplugin.dll
     MOD - [2013/12/13 12:24:09 | 009,890,608 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
     MOD - [2013/10/30 05:45:00 | 000,036,024 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
     MOD - [2013/10/30 05:44:58 | 000,678,584 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
     MOD - [2013/10/30 05:38:52 | 000,009,216 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll
     MOD - [2013/10/30 05:38:32 | 000,013,824 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\SysInfo.dll
     MOD - [2013/09/20 20:12:15 | 000,956,208 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
     MOD - [2013/08/23 18:10:18 | 000,553,776 | ---- | M] () -- C:\Program Files\Garena Plus\ggspawn.dll
     MOD - [2013/07/26 15:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XLL.dll
     MOD - [2013/07/15 23:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
     MOD - [2013/07/10 20:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files\Garena Plus\ggdllhost.exe
     MOD - [2013/04/10 18:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
     MOD - [2013/04/10 18:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files\Garena Plus\libmpg123.dll
     MOD - [2013/03/13 19:05:59 | 000,374,064 | ---- | M] () -- C:\Program Files\Garena Plus\lib\Http.dll
     MOD - [2013/03/07 11:10:42 | 000,106,288 | ---- | M] () -- C:\Program Files\Garena Plus\lib\UILayout.dll
     MOD - [2013/03/07 11:10:39 | 000,224,560 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
     MOD - [2013/03/07 11:10:22 | 000,487,216 | ---- | M] () -- C:\Program Files\Garena Plus\CxImage.dll
     MOD - [2013/02/07 18:11:25 | 000,025,392 | ---- | M] () -- C:\Program Files\Garena Plus\PluginModule.dll
     MOD - [2013/02/07 18:11:24 | 000,087,344 | ---- | M] () -- C:\Program Files\Garena Plus\PluginKernel.dll
     MOD - [2013/02/07 18:11:22 | 000,192,816 | ---- | M] () -- C:\Program Files\Garena Plus\ImageModule.dll
     MOD - [2013/02/07 18:11:17 | 000,051,504 | ---- | M] () -- C:\Program Files\Garena Plus\FileLoader.dll
     MOD - [2013/02/07 18:11:15 | 000,033,584 | ---- | M] () -- C:\Program Files\Garena Plus\DibModule.dll
     MOD - [2013/02/01 14:42:29 | 000,153,088 | ---- | M] () -- C:\Program Files\Garena Plus\libzmq.dll
     MOD - [2013/01/30 17:26:41 | 002,941,232 | ---- | M] () -- C:\Program Files\Garena Plus\ggdownloader.dll
     MOD - [2013/01/30 17:26:38 | 000,104,752 | ---- | M] () -- C:\Program Files\Garena Plus\CommonLib.dll
     MOD - [2013/01/14 20:57:46 | 000,219,952 | ---- | M] () -- C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
     MOD - [2012/12/04 22:15:17 | 000,247,808 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ToolBarMgrPlugin.dll
     MOD - [2012/11/30 22:30:47 | 000,256,512 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoRecordUIPlugin.dll
     MOD - [2012/11/30 22:30:13 | 000,333,824 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\MenuMgrPlugin.dll
     MOD - [2012/11/30 22:30:02 | 000,270,848 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\XFramePlugin.dll
     MOD - [2012/11/30 22:29:57 | 000,331,776 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\StatusBarMgrPlugin.dll
     MOD - [2012/11/30 22:29:36 | 000,595,968 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\core.dll
     MOD - [2012/11/30 13:50:37 | 000,580,096 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceMgrUIPlugin.dll
     MOD - [2012/11/30 13:50:09 | 000,854,528 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SMSUIPlugin.dll
     MOD - [2012/11/23 15:14:49 | 000,119,296 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ConnectMgrUIPlugin.dll
     MOD - [2012/11/23 15:14:40 | 000,416,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallLogUIPlugin.dll
     MOD - [2012/11/23 15:14:29 | 000,715,776 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallUIPlugin.dll
     MOD - [2012/11/23 15:14:22 | 000,493,568 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoUIExPlugin.dll
     MOD - [2012/11/23 15:14:16 | 000,302,592 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DiagnosisPlugin.dll
     MOD - [2012/11/23 15:14:07 | 000,391,168 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetConnectPlugin.dll
     MOD - [2012/11/23 15:14:02 | 000,117,248 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\LayoutPlugin.dll
     MOD - [2012/11/23 15:13:52 | 000,818,688 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookUIPlugin.dll
     MOD - [2012/11/23 15:13:49 | 000,569,344 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallLogSrvPlugin.dll
     MOD - [2012/11/23 15:13:47 | 000,702,464 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoSrvPlugin.dll
     MOD - [2012/11/23 15:13:47 | 000,177,152 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallSrvPlugin.dll
     MOD - [2012/11/23 15:13:45 | 000,730,624 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceAppPlugin.dll
     MOD - [2012/11/23 15:13:44 | 000,097,792 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NotifyServicePlugin.dll
     MOD - [2012/11/23 15:13:42 | 000,729,088 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceSrvPlugin.dll
     MOD - [2012/11/23 15:13:40 | 000,704,000 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SmsAppPlugin.dll
     MOD - [2012/11/23 15:13:39 | 000,219,648 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SmsSrvPlugin.dll
     MOD - [2012/11/23 15:13:38 | 000,593,408 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DialupUIPlugin.dll
     MOD - [2012/11/23 15:13:38 | 000,157,184 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\STKSrvPlugin.dll
     MOD - [2012/11/23 15:13:38 | 000,142,336 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\USSDSrvPlugin.dll
     MOD - [2012/11/23 15:13:37 | 001,124,352 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookPlugin.dll
     MOD - [2012/11/23 15:13:33 | 000,672,768 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookSrvPlugin.dll
     MOD - [2012/11/23 15:13:31 | 000,236,032 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DialUpPlugin.dll
     MOD - [2012/11/23 15:13:31 | 000,201,216 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NDISPlugin.dll
     MOD - [2012/11/23 15:13:30 | 000,247,296 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetSrvPlugin.dll
     MOD - [2012/11/23 15:13:20 | 000,065,536 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSPowerMgr.dll
     MOD - [2012/11/23 15:13:18 | 000,131,584 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSNDIS.dll
     MOD - [2012/11/23 15:13:17 | 000,288,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\sdk.dll
     MOD - [2012/11/23 15:13:17 | 000,166,400 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSDialup.dll
     MOD - [2012/11/23 15:13:17 | 000,102,400 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSAdapt.dll
     MOD - [2012/11/23 15:13:16 | 000,646,144 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AtCodec.dll
     MOD - [2012/11/23 15:13:14 | 000,195,584 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\XCodec.dll
     MOD - [2012/11/23 15:13:12 | 000,583,168 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\PluginContainer.dll
     MOD - [2012/11/23 15:13:10 | 000,062,976 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSCall.dll
     MOD - [2012/11/23 15:13:09 | 000,187,392 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallAppPlugin.dll
     MOD - [2012/11/23 15:13:06 | 000,168,960 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ATR2SMgr.dll
     MOD - [2012/11/23 15:12:55 | 000,158,720 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetConnectSrvPlugin.dll
     MOD - [2012/11/23 15:12:54 | 000,407,040 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Proxy.dll
     MOD - [2012/11/23 15:12:54 | 000,155,136 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DataServicePlugin.dll
     MOD - [2012/11/23 15:12:52 | 000,158,208 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Trace.dll
     MOD - [2012/11/23 15:12:51 | 000,628,224 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Common.dll
     MOD - [2012/11/12 12:48:40 | 000,694,272 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\LiveUpdateInterface.dll
     MOD - [2012/11/01 21:10:52 | 000,370,176 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qtiff4.dll
     MOD - [2012/11/01 21:10:52 | 000,350,720 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qmng4.dll
     MOD - [2012/11/01 21:10:52 | 000,192,000 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qjpeg4.dll
     MOD - [2012/11/01 21:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qgif4.dll
     MOD - [2012/11/01 21:10:52 | 000,081,920 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qico4.dll
     MOD - [2012/10/31 18:33:34 | 009,562,624 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtGui4.dll
     MOD - [2012/10/31 18:14:12 | 001,148,416 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtNetwork4.dll
     MOD - [2012/10/31 18:11:48 | 000,398,336 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtXml4.dll
     MOD - [2012/10/31 18:11:24 | 002,417,152 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtCore4.dll
     MOD - [2012/09/13 15:19:18 | 000,048,640 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XmlUIModule.dll
     MOD - [2012/07/27 15:59:42 | 000,010,240 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
     MOD - [2012/07/27 15:59:28 | 000,061,952 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
     MOD - [2012/07/27 15:53:54 | 001,114,112 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NDISAPI.dll
     MOD - [2012/06/06 10:22:00 | 000,224,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\tdpcvoice.dll
     MOD - [2012/06/06 10:22:00 | 000,155,648 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Win7Support.dll
     MOD - [2012/04/24 10:19:16 | 000,238,592 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
     MOD - [2012/04/13 12:12:18 | 000,059,392 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
     MOD - [2012/04/13 12:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files\Garena Plus\ServerMemAlloc.dll
     MOD - [2012/03/08 17:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
     MOD - [2012/02/22 17:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files\Garena Plus\lame_enc.dll
     MOD - [2012/02/22 17:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files\Garena Plus\sqlite3.dll
     MOD - [2012/02/22 17:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files\Garena Plus\lib\MP3Module.dll
     MOD - [2010/11/29 05:34:18 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
     MOD - [2010/05/12 19:25:00 | 000,037,888 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
     MOD - [2009/06/23 11:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\libgcc_s_dw2-1.dll
     MOD - [2009/01/11 03:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\mingwm10.dll

     ========== Services (SafeList) ==========

     SRV - File
not found [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)SRV - [2013/12/16 19:01:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/11/15 03:10:07 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)SRV - [2013/10/01 21:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)SRV - [2013/09/23 23:22:04 | 000,654,552 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)SRV - [2013/09/12 13:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)SRV - [2013/05/10 16:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2012/11/12 14:59:15 | 000,657,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. 
RunOuc)SRV - [2011/09/30 03:10:08 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Connectify\ConnectifyService.exe -- (Connectify)SRV - [2011/03/15 00:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)SRV - [2010/11/20 21:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)SRV - [2010/11/20 21:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)SRV - [2010/11/20 21:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)SRV - [2010/09/30 04:01:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)SRV - [2010/05/12 19:25:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)SRV - [2010/04/20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)SRV - [2010/04/20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)SRV - [2010/04/07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)SRV - [2010/04/07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)SRV - [2010/03/18 13:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] 
-- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010/03/06 02:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV - [2010/03/06 01:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)SRV - [2009/10/02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)SRV - [2009/09/09 06:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
[Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\air21\AppData\Local\Temp\catchme.sys -- (catchme)DRV - [2013/11/06 04:17:46 | 000,024,704 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtscsibus.sys -- (dtscsibus)DRV - [2013/08/15 18:01:50 | 000,122,376 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)DRV - [2013/08/15 18:01:06 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)DRV - [2013/08/15 18:00:26 | 000,188,808 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)DRV - [2013/04/05 
20:32:40 | 000,101,168 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)DRV - [2012/12/03 19:39:10 | 000,379,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)DRV - [2012/10/30 13:42:16 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)DRV - [2012/09/29 22:58:32 | 000,027,248 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\System32\drivers\cnnctfy2.sys -- (cnnctfy2)DRV - [2012/08/20 09:54:18 | 000,096,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)DRV - [2012/08/20 09:54:18 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)DRV - [2012/06/27 16:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)DRV - [2012/01/09 18:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)DRV - [2011/12/31 10:20:24 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)DRV - [2011/06/21 14:59:22 | 000,132,864 | ---- | M] (Ricoh co.,Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)DRV - [2010/11/20 21:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)DRV - [2010/11/20 21:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)DRV - [2010/11/20 21:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)DRV - [2010/11/20 19:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV - [2010/11/20 19:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)DRV - [2010/11/20 18:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)DRV - [2010/11/20 18:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)DRV - [2010/11/20 18:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)DRV - [2010/07/27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)DRV - [2010/07/05 04:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)DRV - [2010/05/12 19:25:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)DRV - [2010/03/18 14:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)DRV - [2010/03/11 18:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)DRV - [2010/01/08 19:50:08 | 000,232,448 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)DRV - [2010/01/07 13:32:24 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)DRV - [2009/07/14 09:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)DRV - [2008/05/12 19:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)DRV - [2006/12/01 15:23:58 | 000,392,122 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC303)DRV - [2006/04/25 11:57:42 | 000,428,160 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmfilter303.sys -- (vmfilter303) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value foundIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.21.0.39:8088 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.21.0.39:8088 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-phIE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 B7 CC FB 78 4A CB 01 [binary data]IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value foundIE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SRIE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SRIE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.21.0.39:8088 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..extensions.enabledAddons: mozilla_cc@internetdownloadmanager.com:7.3.41FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23FF - prefs.js..network.proxy.backup.ftp: "172.0.21.21"FF - prefs.js..network.proxy.backup.ftp_port: 8888FF - prefs.js..network.proxy.backup.socks: "172.0.21.21"FF - prefs.js..network.proxy.backup.socks_port: 8888FF - prefs.js..network.proxy.backup.ssl: "172.0.21.21"FF - prefs.js..network.proxy.backup.ssl_port: 8888FF - prefs.js..network.proxy.ftp: "172.21.0.39"FF - prefs.js..network.proxy.ftp_port: 8088FF - prefs.js..network.proxy.gopher: "172.21.0.39"FF - prefs.js..network.proxy.gopher_port: 8088FF - prefs.js..network.proxy.http: "172.21.0.39"FF - prefs.js..network.proxy.http_port: 8088FF - prefs.js..network.proxy.share_proxy_settings: trueFF - prefs.js..network.proxy.socks: "172.21.0.39"FF - prefs.js..network.proxy.socks_port: 8088FF - prefs.js..network.proxy.ssl: "172.21.0.39"FF - prefs.js..network.proxy.ssl_port: 8088FF - prefs.js..network.proxy.type: 4FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF - 
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll File not foundFF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/17 09:14:59 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/18 19:04:40 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/11/07 01:46:23 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/09/30 02:17:53 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/09/30 02:17:53 | 000,000,000 | ---D | M] [2010/09/27 19:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions[2013/12/27 22:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\an3ukoya.default\extensions[2013/06/30 07:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2013/06/30 20:03:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2013/06/30 07:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions[2013/06/30 20:03:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2011/06/10 18:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions[2011/06/10 18:22:49 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}[2013/09/30 02:17:53 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5[2011/12/08 12:17:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2011/05/04 05:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll[2013/03/12 17:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll[2011/12/08 12:17:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2012/05/24 22:29:21 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml[2011/12/08 12:17:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dllCHR - 
plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dllCHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.8_0\IDMGCExt.dllCHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dllCHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLLCHR - plugin: PluginRichmediaplayer (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dllCHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllCHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Disabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLLCHR - plugin: Garena Talk Plugin (Disabled) = C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dllCHR - plugin: Nokia Suite Enabler Plugin (Disabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dllCHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files\VideoLAN\VLC\npvlc.dllCHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes 
  10. Hello! Today I'd like to ask what's causing these phenomena in my laptop. It has been there since I received this from my dad months ago. It doesn't bother me much, but now that I'm on the pros' forum place, I wanna know.
      Problems:
      1. I cannot change my Windows password. I can do it on command prompt just fine but not on the usual place.
         Notes: I am the only account in this laptop. I am the only administrator, so this laptop should be following my orders. My Windows is genuine and legit. This is not cracked.
      2. When clicking on any of these Bluetooth shenanigans, my explorer restarts.
         Notes: I tried removing them on Devices and Printers, so I turned my Bluetooth on so I can see them all even if the devices are not here, but they just, well, came back, so I turned my Bluetooth back off. I never use it anyways.
      3. My flash drive icon won't change.
         Notes: The autorun in the flash drive is correct and the icon that I want is in the root as well. It works on other computers but just not on this laptop. No screenies for this one since it will be useless anyways.
      Other notes: I am malware free. Well, I still have this extension in Chrome that won't go away, but that's not what's causing this anyways. I know 'cause I got this laptop even before I got that extension, so yeah, these problems listed are not from any malware, I suppose. Good day and thanks for reading!
  11. Cool song to play. Too bad this isn't me playing lol. BTW, I'm using Chrome and I can't seem to see any of the YouTube videos posted here. Some yellow triangle on a padlock is beside my https://
  12. Hello everyone. Just wanted to drop this topic by while waiting. I definitely don't belong here though lol. Currently in my 2nd year in BSIT (I think our education level here is too low 'cause we 2nd years are currently only studying Photoshop, HTML, VB.net and some Electronics). I like watching anime rather than TV series 'cause I find them entertaining and I learn from them. My top 1 is AnoHana. Anyone here watch some anime? Probably none lol. I play o2jam! Ha! I currently can pass a lvl28 song and am improving. My goal for now is to clear Earthquake [Hard]. MOBA games? Well, I play HoN with a 1711 MMR. I use Garena since I live in Asia (I want to play with the NA and EU players though). No League for me. I also play the guitar. I sometimes want to sing though. In almost all of the forums I've been through, I made an introduction post, so I decided to make one here (hope it's ok lol).
      NOTE: only read this if you are bored
      Here's my story on how I got here: It's the holiday vacation (hell yeah) so I'll be traveling to my parents' home. So I packed everything and left my house. Naturally, I brought my laptop since the one they use there probably has 999 unwanted toolbars running on each browser. Well, everything was fine and all on my laptop until I went to sleep on the 25th (morning, after celebrations). Waking up at 6pm, I went to browse my Facebook on my laptop (I left it open) and found a Chrome extension I've never seen before. I tried removing it, and failed 'cause it kept coming back. Aaand there! I found this forum and made a help topic. Duuunnnnn. Well, time to sleep now since it's 6am while I'm typing this. Seeya tomorrow!
  13. Hello everyone. I don't think I belong here though.
  14. That took like, forever. Here's the logs:
      C:\Users\Administrator\Documents\pol documents\ESET NOD32 Antivirus v7.0.302 (32-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-Final-Portable.rar a variant of Win32/RiskWare.HackAV.JA application deleted - quarantined
      C:\Users\Administrator\Documents\pol documents\ESET NOD32 Antivirus v7.0.302 (32-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-final-setup.rar a variant of Win32/RiskWare.HackAV.JA application deleted - quarantined
      C:\Users\Administrator\Documents\pol documents\ESET NOD32 Antivirus v7.0.302 (32-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-Final-Portable\TNod-1.4.2.3-Final-Portable\TNODUP-Portable.exe a variant of Win32/RiskWare.HackAV.JA application deleted - quarantined
      C:\Users\Administrator\Documents\pol documents\ESET NOD32 Antivirus v7.0.302 (32-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup.exe a variant of Win32/RiskWare.HackAV.JA application cleaned by deleting - quarantined
      C:\Users\Administrator\Downloads\Programs\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
      C:\Users\Administrator\Downloads\Programs\DAEMONToolsUltra200-0159.exe multiple threats cleaned by deleting - quarantined
      C:\Users\Administrator\Downloads\Programs\DraStic_DS_Emulator_Apk_v2.1.6.2a_Full_Proper_v2_Android_Apps.zip.exe Win32/InstalleRex.M application cleaned by deleting - quarantined
      C:\Users\Administrator\Downloads\Programs\drivermax_7_25_cnet.exe a variant of Win32/DealPly.I application cleaned by deleting - quarantined
      C:\Users\Administrator\Downloads\Programs\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
      C:\Users\Administrator\Downloads\Programs\winamp565_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
      C:\Users\Administrator\Downloads\The.Walking.Dead.Season.2.Episode.1-RELOADED\rld-twd2e1.iso a variant of Win32/HackTool.Crack.BL application deleted - quarantined
  15. Here it is:
  16. Truly sorry. I didn't notice that part. Anyways here it is dds.txt:
- c:\program files\thinkpad\bluetooth software\btsendto_ie.htmIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htmTCP: Interfaces\{050482A2-E034-45BC-A1D5-03B7A8B3FF09} : NameServer = 202.126.40.5 222.127.143.5TCP: Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545}\26167716C602D6167636F6E6E6563647 : DHCPNameServer = 192.168.126.1TCP: Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545}\3402D20213236383023716973702D45627279702348627963747D61637 : DHCPNameServer = 192.168.1.1TCP: Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545}\C496E616D27657563747 : DHCPNameServer = 192.168.15.1 192.168.33.1TCP: Interfaces\{9016D0CF-CA81-4507-BE7A-CD0420DB5857} : NameServer = 58.71.2.8,58.71.2.7TCP: Interfaces\{9AF48297-2B5A-45AB-AC41-9EADB9BFEDC0} : NameServer = 10.188.62.1 202.126.40.5Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dllNotify: igfxcui - igfxdev.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.================= FIREFOX ===================.FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\an3ukoya.default\FF - prefs.js: network.proxy.ftp - 172.21.0.39FF - prefs.js: network.proxy.ftp_port - 8088FF - prefs.js: network.proxy.gopher - 172.21.0.39FF - prefs.js: 
network.proxy.gopher_port - 8088FF - prefs.js: network.proxy.http - 172.21.0.39FF - prefs.js: network.proxy.http_port - 8088FF - prefs.js: network.proxy.socks - 172.21.0.39FF - prefs.js: network.proxy.socks_port - 8088FF - prefs.js: network.proxy.ssl - 172.21.0.39FF - prefs.js: network.proxy.ssl_port - 8088FF - prefs.js: network.proxy.type - 4FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLLFF - plugin: c:\program files\garena plus\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dllFF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\nppluginrichmediaplayer.dllFF - plugin: c:\program files\winamp detect\npwachk.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - plugin: c:\users\administrator\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\npo1d.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll.============= SERVICES / DRIVERS ===============.R1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\drivers\cnnctfy2.sys [2012-9-29 27248]R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-8-15 188808]R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-7-27 13480]R2 Connectify;Connectify;c:\program 
files\connectify\ConnectifyService.exe [2011-9-30 69632]R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2013-8-15 122376]R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-15 271712]R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-4-5 101168]R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-1-15 50536]R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-7-27 45496]R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-1-15 74088]R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-7-27 63928]R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-7-27 2320920]R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2013-12-22 132864]R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\drivers\dtscsibus.sys [2013-11-6 24704]R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2013-12-22 379392]R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-12-22 76544]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-27 132352]R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-7-27 232448]R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-18 6758912]R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-7-27 75112]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]R3 teamviewervpn;TeamViewer VPN 
Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files\globe tattoo broadband\updatedog\ouc.exe [2013-12-22 657504]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-3 29472]S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files\daemon tools ultra\DiscSoftBusService.exe [2013-9-23 654552]S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-12-22 102784]S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-12-22 11136]S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-9-23 49088]S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-12-22 96000]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-15 108032]S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-9 52224]S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2010-10-2 428160]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-30 1343400]S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]S4 TeamViewer8;TeamViewer 8;c:\program 
files\teamviewer\version8\TeamViewer_Service.exe [2013-6-27 5087584].=============== Created Last 30 ================.2013-12-25 19:04:21 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes2013-12-25 19:04:15 -------- d-----w- c:\programdata\Malwarebytes2013-12-25 19:04:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-25 19:04:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-12-25 01:43:46 -------- d-----w- c:\programdata\QuickSet2013-12-25 01:43:07 -------- d-----w- c:\programdata\YoutubeAdblocker2013-12-25 01:42:49 -------- d-----w- c:\programdata\surf and kkeEp2013-12-25 01:42:32 -------- d-----w- c:\programdata\8aca19f1a27ddeff2013-12-24 09:55:00 -------- d-----w- c:\users\administrator\appdata\roaming\MPC-HC2013-12-24 09:53:46 -------- d-----w- c:\program files\Combined Community Codec Pack2013-12-22 06:34:24 -------- d-----w- c:\programdata\Steam2013-12-21 22:36:56 -------- d-----w- c:\program files\Integrated Camera Driver2013-12-21 22:36:55 -------- d-----w- c:\program files\Chicony Electronics Co.,Ltd2013-12-21 22:36:23 132864 ----a-w- c:\windows\system32\drivers\5U877.sys2013-12-21 22:36:23 106496 ----a-w- c:\windows\system32\5U877.ax2013-12-21 22:27:57 106496 ----a-w- c:\windows\system32\5U877.dll2013-12-21 21:46:22 96000 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys2013-12-21 21:46:22 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys2013-12-21 21:46:22 76544 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys2013-12-21 21:46:22 70272 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys2013-12-21 21:46:22 379392 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys2013-12-21 21:46:22 27520 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys2013-12-21 21:46:22 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys2013-12-21 21:46:22 205312 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys2013-12-21 21:46:22 199168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys2013-12-21 21:46:22 19200 
----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys2013-12-21 21:46:22 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys2013-12-21 21:46:22 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys2013-12-17 08:05:06 -------- d-----w- c:\users\administrator\appdata\roaming\Adobe Mini Bridge CS52013-12-17 08:05:05 -------- d-----w- c:\users\administrator\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.12013-12-16 19:44:03 -------- d-----w- c:\users\administrator\appdata\local\Pokemon Showdown2013-12-16 19:41:55 -------- d-----w- c:\program files\Pokemon Showdown2013-12-08 15:00:02 -------- d-----w- c:\users\administrator\appdata\roaming\mkvtoolnix2013-12-07 15:44:03 -------- d-----w- c:\program files\Innovative Solutions2013-11-28 20:01:26 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a54813c4-4330-4b54-b624-1fddeb1d0e92}\mpengine.dll2013-11-28 17:03:07 -------- d-----w- c:\users\administrator\appdata\roaming\mIRC2013-11-27 15:23:05 -------- d-----w- c:\programdata\RELOADED.==================== Find3M ====================.2013-12-16 10:01:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-12-16 10:01:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-11-14 18:07:18 640512 ----a-w- c:\windows\system32\advapi32.dll2013-11-14 18:07:18 1289096 ----a-w- c:\windows\system32\ntdll.dll2013-11-14 18:07:17 619520 ----a-w- c:\windows\system32\tdh.dll2013-11-14 18:07:17 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-11-14 18:07:16 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe2013-11-14 18:06:54 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-11-14 18:06:53 338944 ----a-w- c:\windows\system32\drivers\afd.sys2013-11-14 18:06:53 231424 ----a-w- c:\windows\system32\mswsock.dll2013-11-14 18:06:28 1505280 ----a-w- c:\windows\system32\d3d11.dll2013-11-10 20:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe2013-11-05 19:17:46 24704 ----a-w- 
c:\windows\system32\drivers\dtscsibus.sys.============= FINISH: 5:41:07.15 =============== attach.txt.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1Install Date: 9/2/2010 3:53:08 PMSystem Uptime: 12/26/2013 4:25:13 AM (1 hours ago).Motherboard: LENOVO | | 05784WAProcessor: Intel® Core i3 CPU M 330 @ 2.13GHz | CPU 1 | 2133/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 298 GiB total, 4.374 GiB free.D: is CDROM ()E: is CDROM (CDFS)F: is RemovableG: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.Adobe AIRAdobe Community HelpAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Media PlayerAdobe Photoshop CS5Adobe Reader X (10.1.8)CCleanerCombined Community Codec Pack 2013-11-27ConnectifyDAEMON Tools UltraDefragglerDriverMax 7EPSON Printer SoftwareEPSON ScanESET NOD32 AntivirusGlobe Tattoo BroadbandGoogle ChromeGoogle Talk PluginGoogle Update HelperIntegrated Camera Driver Installer Package Ver.1.0.1.9Integrated Camera TWAINInternet Download ManagerMalwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft Mouse and Keyboard CenterMicrosoft Office Excel 2007Microsoft Office OneNote 2007Microsoft Office PowerPoint 2007Microsoft Office Publisher 2007Microsoft Office Word 2007Microsoft SilverlightMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727Microsoft Visual C++ 2012 x86 Minimum Runtime - 
11.0.50727Microsoft_VC80_ATL_x86Microsoft_VC80_CRT_x86Microsoft_VC80_MFC_x86Microsoft_VC80_MFCLOC_x86Microsoft_VC90_ATL_x86Microsoft_VC90_CRT_x86Microsoft_VC90_MFC_x86Nokia Connectivity Cable DriverPDF Settings CS5Pokemon ShowdownRainmeterSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)TeamViewer 8Unlocker 1.9.2Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)WinampWinamp Detector Plug-in.==== Event Viewer Messages From Past Week ========.12/26/2013 4:26:47 AM, Error: Service Control Manager [7034] - The 
Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).12/26/2013 4:26:16 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.12/26/2013 4:26:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.12/26/2013 4:26:09 AM, Error: Service Control Manager [7000] - The Globe Tattoo Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.12/26/2013 4:24:10 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll.==== End Of File ===========================
  17. Oh wait, I forgot to remove the walking dead so: here's the really fresh dds.txt: dds.txt and attach.txt: attach.txt
  18. Hello sir. Oookay so I uninstalled uTorrent (cries) and my crack for ESET Antiv. That's all there is for me on cracks. Here's the new dds.txt: dds.txt Here's the new attach.txt (just in case): attach.txt
  19. Why is there no edit button for my post? Lel. Anyways, I wanted to tell that the unwanted extension I'm talking about is the Bookmark tube thing and not the IDM. Thanks for reading again.
  20. So I did what you said cause I know this forum is cool and all (installed Malwarebytes, ran a quick scan, deleted the 7 detected threats and rebooted, then did another quick scan and detected 0 threats) but when I came back the extension is still there so I decided to post here. My first scan log: mbam-log-2013-12-26 (04-15-00).txt dds.txt: dds.txt attach.txt: attach.txt If it sorta helps, this is the picture of the extension that's bugging me since yesterday: Thanks for reading and happy holidays!