Lolaaronlol

hacktool.tookit and trojan


Got found after I stupidly "updated" my Adobe. Should've known. I usually always just exit all that crap anyways. Can't believe I finally got hit with a virus. Been 4 years. Anyways, here are the logs.

Attached are the txt files.

I'm basically pondering the decision to reformat this computer or just get rid of the virus. I heard that it is still unsafe after you get hit once, but I feel that if I can guarantee the deletion of this virus I would have the peace of mind to not reformat.

Thanks for all your help.

Attach.txt

DDS.txt


Hello Lolaaronlol and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL logfile created on: 7/8/2012 11:34:17 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Aaron\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.34 Gb Available Physical Memory | 72.38% Memory free

11.98 Gb Paging File | 10.29 Gb Available in Paging File | 85.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 733.77 Gb Free Space | 78.78% Space Free | Partition Type: NTFS

Drive D: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/08 11:30:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

PRC - [2012/05/30 10:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe

PRC - [2012/03/19 04:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/02/29 17:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/02/20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE

PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

PRC - [2012/01/04 21:10:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe

PRC - [2011/03/24 08:11:18 | 000,107,800 | ---- | M] (Octoshape ApS) -- C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 10:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)

SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/06/24 00:03:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/16 12:13:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/19 04:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/02/29 17:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/02/23 22:41:41 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/02/20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE -- (BBSvc)

SRV - [2012/01/04 21:10:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/08/17 08:52:04 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)

SRV - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2010/10/19 05:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/17 05:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/08/21 19:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symtdiv.sys -- (SYMTDIv)

DRV:64bit: - [2011/08/21 19:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/08/03 21:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\cchpx64.sys -- (ccHP)

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/06 13:14:33 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)

DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)

DRV:64bit: - [2009/10/14 20:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symds64.sys -- (SymDS)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/22 17:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)

DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)

DRV - [2012/07/08 03:12:36 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120706.036\ex64.sys -- (NAVEX15)

DRV - [2012/07/08 03:12:36 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys -- (EraserUtilDrv11210)

DRV - [2012/07/08 03:12:36 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120706.036\eng64.sys -- (NAVENG)

DRV - [2012/06/18 17:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/06/14 11:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120705.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/05/30 20:03:14 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/06/07 16:04:05 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/02/19 09:34:30 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 C7 75 0A 8D 09 CD 01 [binary data]

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enUS392&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=_Ck0XfwXb6tdmJqrXwAD9EvkUuk?q={searchTerms}

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.socks: "localhost"

FF - prefs.js..network.proxy.socks_port: 9853

FF - prefs.js..network.proxy.socks_remote_dns: true

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/20 11:27:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/07/08 11:25:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 12:13:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 10:58:24 | 000,000,000 | ---D | M]

[2011/07/19 01:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions

[2012/05/01 21:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\3ldp9k7z.default\extensions

[2011/11/10 01:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/01/05 00:11:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/09/14 09:13:45 | 000,010,722 | ---- | M] () (No name found) -- C:\USERS\AARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3LDP9K7Z.DEFAULT\EXTENSIONS\SUPPORT-MIN@WOLFRAM.COM.XPI

[2012/06/16 12:13:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/10 01:47:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Skype Click to Call = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

CHR - Extension: Gmail = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)

O4 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000..\Run: [Octoshape Streaming Services] C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-1325494298-641319619-2425575681-1005..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-1325494298-641319619-2425575681-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)

O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/openapi/receivers/FMSI.cab (Futuremark SystemInfo)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8988C12-5DF6-4DC1-9709-95FBD9ED680E}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4dd9502a-99b2-11df-ac62-001fbc091f29}\Shell - "" = AutoRun

O33 - MountPoints2\{4dd9502a-99b2-11df-ac62-001fbc091f29}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{81235c89-0389-11e0-b3e0-001fbc091f29}\Shell - "" = AutoRun

O33 - MountPoints2\{81235c89-0389-11e0-b3e0-001fbc091f29}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{f5c28a28-b7e1-11df-b3da-001fbc091f29}\Shell - "" = AutoRun

O33 - MountPoints2\{f5c28a28-b7e1-11df-b3da-001fbc091f29}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 11:30:42 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2012/07/08 03:19:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr

[2012/07/08 03:17:47 | 000,000,000 | ---D | C] -- C:\FRST

[2012/07/08 02:44:05 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes

[2012/07/08 02:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/08 02:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/08 02:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/26 13:23:46 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Kingdom Hearts - Chain of Memories - GBA

[2012/06/24 02:03:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F1135356-6E3D-4DB8-B649-3ED2CA98D50E}

[2012/06/23 23:48:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Macromedia

[2012/06/13 19:59:14 | 000,000,000 | ---D | C] -- C:\1ee1d3565d825d1e7887d134fd0247

[2012/06/13 01:47:04 | 000,000,000 | ---D | C] -- C:\dcfd6fcb033d37e72e025e514d

[2012/06/12 10:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM

[2012/06/12 10:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility

[15 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/08 11:33:53 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/08 11:33:53 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/08 11:30:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2012/07/08 11:26:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/08 11:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/08 11:25:19 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/08 03:56:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325494298-641319619-2425575681-1000UA.job

[2012/07/08 03:22:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/08 03:19:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr

[2012/07/08 03:14:13 | 001,988,710 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\Cat.DB

[2012/07/08 03:05:36 | 329,831,815 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/07 12:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/06 19:56:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325494298-641319619-2425575681-1000Core.job

[2012/07/04 12:00:39 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/07/04 12:00:39 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/07/04 12:00:20 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/06/30 21:57:20 | 000,002,359 | ---- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk

[2012/06/27 15:10:54 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012/06/26 13:23:25 | 016,733,734 | ---- | M] () -- C:\Users\Aaron\Desktop\Kingdom Hearts - Chain of Memories - GBA.zip

[2012/06/26 00:51:02 | 000,008,414 | ---- | M] () -- C:\Users\Aaron\Desktop\dvd.mds

[2012/06/26 00:51:01 | 3938,058,239 | ---- | M] () -- C:\Users\Aaron\Desktop\dvd.iso

[2012/06/14 19:41:07 | 000,062,144 | ---- | M] () -- C:\Users\Aaron\Desktop\ygyg.png

[2012/06/13 14:41:50 | 000,414,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/12 12:47:46 | 000,001,085 | -H-- | M] () -- C:\IPH.PH

[2012/06/12 10:58:50 | 000,001,935 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2012/06/12 10:58:50 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk

[15 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 15:10:54 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk

[2012/06/27 15:10:53 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012/06/26 13:23:10 | 016,733,734 | ---- | C] () -- C:\Users\Aaron\Desktop\Kingdom Hearts - Chain of Memories - GBA.zip

[2012/06/26 00:51:02 | 000,008,414 | ---- | C] () -- C:\Users\Aaron\Desktop\dvd.mds

[2012/06/26 00:39:02 | 3938,058,239 | ---- | C] () -- C:\Users\Aaron\Desktop\dvd.iso

[2012/06/23 23:48:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/14 19:41:06 | 000,062,144 | ---- | C] () -- C:\Users\Aaron\Desktop\ygyg.png

[2012/04/25 00:34:44 | 000,000,600 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\winscp.rnd

[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/01/10 17:16:16 | 000,002,048 | -HS- | C] () -- C:\Users\Aaron\AppData\Local\{5af1901e-2a54-7fba-ac6e-a60e31a1d6da}\@

[2011/07/19 01:27:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/05/18 20:46:58 | 000,001,940 | ---- | C] () -- C:\Users\Aaron\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/04/03 19:32:15 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2011/03/29 06:05:48 | 000,709,992 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll

[2011/03/13 23:18:10 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe

[2010/11/26 12:18:51 | 000,188,204 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/10/25 23:37:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2010/10/10 23:04:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010/10/05 12:42:21 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe

[2010/08/15 19:55:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/08/15 19:55:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/08/12 11:45:20 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini

[2010/07/30 00:29:10 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe

[2010/07/30 00:29:10 | 000,036,110 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat

========== LOP Check ==========

[2010/07/11 15:01:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\acccore

[2011/05/02 22:52:10 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\AnvSoft

[2011/07/01 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/01/03 22:19:52 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1

[2012/04/01 23:52:39 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Downloaded Installations

[2012/02/26 22:55:53 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\ImgBurn

[2010/10/02 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\LolClient

[2012/05/23 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\LolClient2

[2011/09/23 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\NJStar

[2011/10/21 22:51:42 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Octoshape

[2011/10/25 18:41:46 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Origin

[2012/04/03 19:30:11 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Pokemon Online

[2011/07/03 23:31:37 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PPLive

[2010/10/05 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Publish Providers

[2010/09/02 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Samsung

[2011/03/13 23:18:26 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SoftMaker

[2012/03/12 15:26:14 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Sony

[2011/10/02 18:37:21 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SplitMediaLabs

[2012/05/06 22:00:41 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Stardock

[2012/05/15 17:49:15 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SystemRequirementsLab

[2012/06/27 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\TeamViewer

[2012/01/01 12:07:50 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Tific

[2011/03/14 20:48:40 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Windows Live Writer

[2012/06/09 11:51:17 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >


OTL logfile created on: 7/8/2012 11:34:17 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Aaron\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.34 Gb Available Physical Memory | 72.38% Memory free

11.98 Gb Paging File | 10.29 Gb Available in Paging File | 85.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 733.77 Gb Free Space | 78.78% Space Free | Partition Type: NTFS

Drive D: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/08 11:30:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

PRC - [2012/05/30 10:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe

PRC - [2012/03/19 04:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/02/29 17:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/02/20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE

PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

PRC - [2012/01/04 21:10:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe

PRC - [2011/03/24 08:11:18 | 000,107,800 | ---- | M] (Octoshape ApS) -- C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 10:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)

SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/06/24 00:03:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/16 12:13:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/19 04:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/02/29 17:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/02/23 22:41:41 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/02/20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE -- (BBSvc)

SRV - [2012/01/04 21:10:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/08/17 08:52:04 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)

SRV - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2010/10/19 05:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/17 05:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/08/21 19:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symtdiv.sys -- (SYMTDIv)

DRV:64bit: - [2011/08/21 19:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/08/03 21:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\cchpx64.sys -- (ccHP)

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/06 13:14:33 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)

DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)

DRV:64bit: - [2009/10/14 20:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symds64.sys -- (SymDS)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/22 17:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)

DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)

DRV - [2012/07/08 03:12:36 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120706.036\ex64.sys -- (NAVEX15)

DRV - [2012/07/08 03:12:36 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys -- (EraserUtilDrv11210)

DRV - [2012/07/08 03:12:36 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120706.036\eng64.sys -- (NAVENG)

DRV - [2012/06/18 17:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/06/14 11:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120705.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/05/30 20:03:14 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/06/07 16:04:05 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/02/19 09:34:30 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 C7 75 0A 8D 09 CD 01 [binary data]

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enUS392&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=_Ck0XfwXb6tdmJqrXwAD9EvkUuk?q={searchTerms}

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.socks: "localhost"

FF - prefs.js..network.proxy.socks_port: 9853

FF - prefs.js..network.proxy.socks_remote_dns: true

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/20 11:27:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/07/08 11:25:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 12:13:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 10:58:24 | 000,000,000 | ---D | M]

[2011/07/19 01:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions

[2012/05/01 21:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\3ldp9k7z.default\extensions

[2011/11/10 01:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/01/05 00:11:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/09/14 09:13:45 | 000,010,722 | ---- | M] () (No name found) -- C:\USERS\AARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3LDP9K7Z.DEFAULT\EXTENSIONS\SUPPORT-MIN@WOLFRAM.COM.XPI

[2012/06/16 12:13:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/10 01:47:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Skype Click to Call = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

CHR - Extension: Gmail = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)

O4 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000..\Run: [Octoshape Streaming Services] C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-1325494298-641319619-2425575681-1005..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-1325494298-641319619-2425575681-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)

O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/openapi/receivers/FMSI.cab (Futuremark SystemInfo)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8988C12-5DF6-4DC1-9709-95FBD9ED680E}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4dd9502a-99b2-11df-ac62-001fbc091f29}\Shell - "" = AutoRun

O33 - MountPoints2\{4dd9502a-99b2-11df-ac62-001fbc091f29}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{81235c89-0389-11e0-b3e0-001fbc091f29}\Shell - "" = AutoRun

O33 - MountPoints2\{81235c89-0389-11e0-b3e0-001fbc091f29}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{f5c28a28-b7e1-11df-b3da-001fbc091f29}\Shell - "" = AutoRun

O33 - MountPoints2\{f5c28a28-b7e1-11df-b3da-001fbc091f29}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 11:30:42 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2012/07/08 03:19:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr

[2012/07/08 03:17:47 | 000,000,000 | ---D | C] -- C:\FRST

[2012/07/08 02:44:05 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Malwarebytes

[2012/07/08 02:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/08 02:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/08 02:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/26 13:23:46 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Kingdom Hearts - Chain of Memories - GBA

[2012/06/24 02:03:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F1135356-6E3D-4DB8-B649-3ED2CA98D50E}

[2012/06/23 23:48:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Macromedia

[2012/06/13 19:59:14 | 000,000,000 | ---D | C] -- C:\1ee1d3565d825d1e7887d134fd0247

[2012/06/13 01:47:04 | 000,000,000 | ---D | C] -- C:\dcfd6fcb033d37e72e025e514d

[2012/06/12 10:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM

[2012/06/12 10:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility

[15 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/08 11:33:53 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/08 11:33:53 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/08 11:30:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe

[2012/07/08 11:26:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/08 11:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/08 11:25:19 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/08 03:56:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325494298-641319619-2425575681-1000UA.job

[2012/07/08 03:22:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/08 03:19:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr

[2012/07/08 03:14:13 | 001,988,710 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\Cat.DB

[2012/07/08 03:05:36 | 329,831,815 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/07 12:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/06 19:56:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325494298-641319619-2425575681-1000Core.job

[2012/07/04 12:00:39 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/07/04 12:00:39 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/07/04 12:00:20 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/06/30 21:57:20 | 000,002,359 | ---- | M] () -- C:\Users\Aaron\Desktop\Google Chrome.lnk

[2012/06/27 15:10:54 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012/06/26 13:23:25 | 016,733,734 | ---- | M] () -- C:\Users\Aaron\Desktop\Kingdom Hearts - Chain of Memories - GBA.zip

[2012/06/26 00:51:02 | 000,008,414 | ---- | M] () -- C:\Users\Aaron\Desktop\dvd.mds

[2012/06/26 00:51:01 | 3938,058,239 | ---- | M] () -- C:\Users\Aaron\Desktop\dvd.iso

[2012/06/14 19:41:07 | 000,062,144 | ---- | M] () -- C:\Users\Aaron\Desktop\ygyg.png

[2012/06/13 14:41:50 | 000,414,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/12 12:47:46 | 000,001,085 | -H-- | M] () -- C:\IPH.PH

[2012/06/12 10:58:50 | 000,001,935 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2012/06/12 10:58:50 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk

[15 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 15:10:54 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk

[2012/06/27 15:10:53 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012/06/26 13:23:10 | 016,733,734 | ---- | C] () -- C:\Users\Aaron\Desktop\Kingdom Hearts - Chain of Memories - GBA.zip

[2012/06/26 00:51:02 | 000,008,414 | ---- | C] () -- C:\Users\Aaron\Desktop\dvd.mds

[2012/06/26 00:39:02 | 3938,058,239 | ---- | C] () -- C:\Users\Aaron\Desktop\dvd.iso

[2012/06/23 23:48:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/14 19:41:06 | 000,062,144 | ---- | C] () -- C:\Users\Aaron\Desktop\ygyg.png

[2012/04/25 00:34:44 | 000,000,600 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\winscp.rnd

[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/01/10 17:16:16 | 000,002,048 | -HS- | C] () -- C:\Users\Aaron\AppData\Local\{5af1901e-2a54-7fba-ac6e-a60e31a1d6da}\@

[2011/07/19 01:27:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/05/18 20:46:58 | 000,001,940 | ---- | C] () -- C:\Users\Aaron\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/04/03 19:32:15 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2011/03/29 06:05:48 | 000,709,992 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll

[2011/03/13 23:18:10 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe

[2010/11/26 12:18:51 | 000,188,204 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/10/25 23:37:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2010/10/10 23:04:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010/10/05 12:42:21 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe

[2010/08/15 19:55:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/08/15 19:55:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/08/12 11:45:20 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini

[2010/07/30 00:29:10 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe

[2010/07/30 00:29:10 | 000,036,110 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat

========== LOP Check ==========

[2010/07/11 15:01:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\acccore

[2011/05/02 22:52:10 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\AnvSoft

[2011/07/01 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/01/03 22:19:52 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1

[2012/04/01 23:52:39 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Downloaded Installations

[2012/02/26 22:55:53 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\ImgBurn

[2010/10/02 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\LolClient

[2012/05/23 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\LolClient2

[2011/09/23 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\NJStar

[2011/10/21 22:51:42 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Octoshape

[2011/10/25 18:41:46 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Origin

[2012/04/03 19:30:11 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Pokemon Online

[2011/07/03 23:31:37 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PPLive

[2010/10/05 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Publish Providers

[2010/09/02 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Samsung

[2011/03/13 23:18:26 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SoftMaker

[2012/03/12 15:26:14 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Sony

[2011/10/02 18:37:21 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SplitMediaLabs

[2012/05/06 22:00:41 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Stardock

[2012/05/15 17:49:15 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SystemRequirementsLab

[2012/06/27 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\TeamViewer

[2012/01/01 12:07:50 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Tific

[2011/03/14 20:48:40 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Windows Live Writer

[2012/06/09 11:51:17 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >


BLEH I ACCIDENTALLY PASTED IT TWICE. HERE IS THE EXTRAS FILE

OTL Extras logfile created on: 7/8/2012 11:34:17 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Aaron\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.34 Gb Available Physical Memory | 72.38% Memory free

11.98 Gb Paging File | 10.29 Gb Available in Paging File | 85.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 733.77 Gb Free Space | 78.78% Space Free | Partition Type: NTFS

Drive D: | 7.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00B689D7-353F-4748-9BD4-FA6C51FD5118}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |

"{03703C16-AEA9-486B-B83A-948D118DE23C}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |

"{060762A0-E2B9-4D4E-B38D-8CCC9D44D8C6}" = lport=6944 | protocol=17 | dir=in | name=league of legends launcher |

"{07A6DD91-495D-4BF5-82F6-953399BD5E72}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |

"{0884791E-AF4C-4DC9-9A24-AEF2A428AB0A}" = lport=57380 | protocol=6 | dir=in | name=pando media booster |

"{0B7B590B-75B9-494E-B359-0129D8E2311A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{0CC40C9F-BC90-4589-A3F0-D34ECB95F623}" = lport=138 | protocol=17 | dir=in | app=system |

"{10A0934F-506B-4FE8-B6D1-9471D212FE07}" = lport=56674 | protocol=17 | dir=in | name=pando media booster |

"{11CA921C-2BA0-4B0F-952D-2122DEE42406}" = lport=139 | protocol=6 | dir=in | app=system |

"{1CF41433-08C6-4AD5-815E-5DD58C7F1572}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |

"{22026911-4FA5-4CA6-98D2-F3DB40A142D9}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher |

"{22D31ABE-879B-4A77-8765-481463D0E8EC}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |

"{29E09A3E-BB16-46C2-A09B-A504753B971E}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher |

"{300309F1-27DB-4A37-8A25-3665EB03DF21}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{3049E2B7-C8E7-41B5-A3E8-2A195CC25796}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher |

"{33A8A068-B7C9-4F9E-930B-5FF17CB8948F}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher |

"{351699F8-5132-4F4E-B7B9-F65903DF1020}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |

"{3687EA26-7AF6-4593-8524-1A09074B3D71}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher |

"{37913584-8267-491D-B7EA-35036B669B43}" = lport=57380 | protocol=6 | dir=in | name=pando media booster |

"{393C3EF5-B33F-4107-BA2E-5EA2943A58DC}" = lport=6912 | protocol=17 | dir=in | name=league of legends launcher |

"{3963C3C8-C06B-4B40-AE2F-51F134A92AFE}" = lport=56674 | protocol=17 | dir=in | name=pando media booster |

"{4042F9D9-CE22-42D1-A73B-8C8DE063D3A5}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher |

"{43B5D7E2-3CBD-4763-B99A-DAD93AB2C36D}" = lport=56674 | protocol=6 | dir=in | name=pando media booster |

"{45B6C9BF-61E4-45DE-ADA5-1382E4D4B68A}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |

"{47E3441C-A622-480C-80DB-D797D0EF7995}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{4837E6F0-CE29-4748-B435-A5041AEB66A9}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher |

"{48383670-4D09-4743-9AEB-7E1EDDB1CAD1}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |

"{48FE4F59-6C37-4A12-9BFC-61934C7D17C8}" = lport=137 | protocol=17 | dir=in | app=system |

"{4D2E6898-8827-4E58-9A35-948925575B88}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher |

"{506E8628-7024-4671-96EC-C49FA30686E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{50A88CC7-3EB6-4E8D-B2EF-251B6DA2C19B}" = lport=57380 | protocol=17 | dir=in | name=pando media booster |

"{5535302C-83C0-4C50-887F-ACFE73C10A2F}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher |

"{5673B0A4-D2B3-4B2B-BAD8-ACE8FC26FBE1}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher |

"{573A3D66-EF45-4E44-8E76-4E36D5085371}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5C814C6D-471D-45AA-8147-90BD780E9830}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{6099FF62-FEBB-4747-A644-BC805FBD1BF0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{61B6AF07-12B4-47EA-AF9A-4C0F29D23DD8}" = rport=138 | protocol=17 | dir=out | app=system |

"{628B4441-D65A-4499-8EEB-5E185673C1DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{658FB1EC-C943-41C2-8E1B-E8C7CCBB7903}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |

"{6858ECB0-6DCE-4910-94BA-BB3845C8EC11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6E1A7DE0-C6F6-46DC-86EE-1A34EE0B37E7}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |

"{72FCD3CE-7D51-4A37-B7A6-F4E4C5E91F74}" = lport=6922 | protocol=17 | dir=in | name=league of legends launcher |

"{73F942B8-A31D-4846-872F-7A32B771322F}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher |

"{74194455-8DC4-42C9-9403-4F94E63A4564}" = rport=445 | protocol=6 | dir=out | app=system |

"{76A15341-ACA2-42A0-8947-7286B54FF038}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |

"{778E04BC-5D1F-4D33-AE63-FACB4FB2D498}" = lport=2869 | protocol=6 | dir=in | app=system |

"{77907EB2-2C65-4289-B1FA-323C661F7182}" = lport=6944 | protocol=6 | dir=in | name=league of legends launcher |

"{787EA83E-A9D9-4C10-A019-90DBE36329BF}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher |

"{79EC7FD3-5005-4609-9993-68DB10006812}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher |

"{7BBD1435-6888-417F-850A-3816FC8E846E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7D682625-E0F4-4F50-99BA-732B8B10F8EB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7DEA3C0E-D917-4E42-9713-79270544923B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{7DEDD3A3-13B7-45FB-8FA1-CC3BDE2FD53D}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher |

"{7F407FB4-81F4-4464-AA92-E7278100B392}" = lport=6928 | protocol=17 | dir=in | name=league of legends launcher |

"{7F54B560-FF4F-4601-85C8-B192C491E394}" = lport=10243 | protocol=6 | dir=in | app=system |

"{7F77E695-DC41-4686-98F4-F2B5E13B5B10}" = rport=10243 | protocol=6 | dir=out | app=system |

"{8034CD24-CC8F-4A9D-8DC8-C09011CA9DB3}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher |

"{83BC3DD0-01C6-40AA-B5BF-ACA61CCFEBF8}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |

"{8E8FDF46-6D2B-454F-B99A-38FBC09CCF9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8F67E40B-FDAF-4EEE-BAA5-3BFE0F27D56F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{939881B8-5C9B-4F35-8F63-EB8E1A933444}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher |

"{94911056-B91A-4724-BC87-D18C9A6B5182}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{95134863-F440-4E57-BBDB-CA692DB0F7B6}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |

"{96D835D6-9504-4B02-83FF-5ADCF0F86180}" = lport=6922 | protocol=6 | dir=in | name=league of legends launcher |

"{9A6E8CAA-39B0-45ED-885F-7AC287FB9406}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |

"{9C3CED75-811E-4FE3-8FB9-52925350EBEF}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |

"{9CA0809C-A2F1-475C-B924-C297332999B6}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |

"{9CE318FB-BE78-4D53-A306-581C54099075}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher |

"{9EC0880C-0B2A-4848-81C6-51C7E362E94D}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher |

"{9F98AAF1-197B-4B61-ADBF-E6B6192E0118}" = rport=137 | protocol=17 | dir=out | app=system |

"{A09DA124-6562-468B-AA93-6FB836B6720A}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |

"{A582F8F0-D9EF-4B0F-B1DF-D08FD0CB775B}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |

"{AD524830-6843-4539-A7D2-6BDAF3911696}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |

"{AE8A3304-B6DF-45FD-B6D0-2A6A88CBC7C0}" = lport=445 | protocol=6 | dir=in | app=system |

"{B6160526-0C1C-48AD-939B-014FD9E31617}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{B70F88EE-224A-45EE-89FF-555BAE3D5A47}" = rport=139 | protocol=6 | dir=out | app=system |

"{B84B509D-D111-4D70-864D-71C21453A45A}" = lport=6898 | protocol=6 | dir=in | name=league of legends launcher |

"{B944387B-A23E-4354-92F9-84461A455D62}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |

"{B97D039C-9334-4007-860D-9EA238481983}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher |

"{BA56CF25-B52D-4AB8-AA17-42E1D11E4032}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher |

"{BE30846C-A8C5-4355-B29C-6DAD4F74EBC1}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |

"{BED0ABEF-8861-4BB3-BDEA-5D72E3BB277E}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher |

"{C502D1B9-FF5E-488F-B55E-8EA52485BDEB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{C5B8E2D0-A9A5-4FDC-98C6-1D9BDDEED3ED}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |

"{C8884F1E-4218-4571-A215-19E856C42BC7}" = lport=57380 | protocol=17 | dir=in | name=pando media booster |

"{CACB5C17-56F2-4A9E-B175-FCC0BA4C9F71}" = lport=6912 | protocol=6 | dir=in | name=league of legends launcher |

"{CB1E4736-63BE-4A55-B8B7-0E6049706FAA}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher |

"{CB3F25C8-B546-4DE0-885C-DC274601FC16}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher |

"{CEC71D52-12D8-4D73-9F0E-256305E9A35F}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |

"{D01048E4-A15A-4BD2-BE5D-12734983CB23}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher |

"{D4D29E1F-FB69-430A-9508-E4559D4AF997}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |

"{D4F497D0-09B4-4F71-B9BB-C7914AF1D110}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |

"{D63FCC9F-9FC6-47AC-ACB7-D49F514DCA62}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{D6C765E3-7B87-4AB1-A246-8DE09E9C219C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DA273A9B-30AF-4C8B-8208-34DAA4C2CC14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DB8DB83A-DAA8-43D8-B783-4A6667F7496E}" = lport=6928 | protocol=6 | dir=in | name=league of legends launcher |

"{DECA02A3-0314-4664-95C4-094E2C7C628F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E21C8839-47EA-4F50-9E3E-48BF51D03310}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |

"{E2E9F973-5DDF-41AB-882B-9F0E452C4A97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E38972B8-97D3-4735-8737-9CECEC7DB8CC}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher |

"{E7F4B034-F3C1-46FD-9608-317E71E60737}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E8F2F465-0854-49E1-AB6F-D03324DF8FDF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ED501AC6-E2B8-41EB-9DF2-5B870C4D7EBF}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher |

"{EFF67208-1C6A-4BBF-AFD9-2AF0EC4C716A}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |

"{F10E5EF9-2242-42DF-B390-ADD7B2C7AF95}" = lport=6898 | protocol=17 | dir=in | name=league of legends launcher |

"{F61BA53E-A4B5-4203-9A23-CAE7A436D036}" = lport=56674 | protocol=6 | dir=in | name=pando media booster |

"{F8C212BE-259E-4E50-8727-FAB45FEA5AF0}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00232818-B6DA-4F79-9FBF-8EE607F40F6F}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{002DC75D-E245-4401-8CA4-5B11814FC501}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{00CB051F-1380-4C0B-83D0-D9109AB75675}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{02C513A0-0E58-404A-B4A8-1D8454AEB564}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0333E9B3-155A-4569-B474-CF8BD5D0D15F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\counter-strike source\hl2.exe |

"{03675AE6-7C68-4341-B355-B4C9DF762A62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm |

"{03F5CDB1-529C-4A32-BB8F-2A10D18D5C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{0861AD7B-874C-4AB9-9C7C-AB9B1857CB36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{08A9BE0E-2C0A-4D70-9D8E-9B5E86CE678F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{09B1EABA-1563-4D15-BEA3-FA0CC45607ED}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{0BEECCEA-A78B-44FA-B1D4-C54188D58C77}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{0D51A0E5-DB52-433B-8BF7-8C12D02ED3E5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{0D93B4B5-CF44-445C-87B8-CC0A53E45844}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{0F1DA4FC-2B4B-4BD2-93DF-D6546C588363}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{134C1832-F48D-4048-A305-06D18C04FE24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor beta\mohmpgame.exe |

"{13D693F4-2320-4132-8B52-A542EE1EA3EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{173C00BB-AE96-41C5-BE84-F2714DF63C9A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{17A6B69B-E4FC-4698-9D26-3A252EA22098}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{18547ACE-0712-48B5-A8B6-C2B425519139}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"{1BC3C5F0-C59E-45CE-AD9D-485640E20320}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{1C87D16C-3BA4-49DB-AE39-FA2C25B76089}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{1D3AED6B-D99E-4AF7-B925-2A31283C10CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{1F152903-5415-4173-94A1-B6FD992B8161}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{201800C6-AF18-4352-9DFE-0ECD57968630}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{246076E3-2DDC-4C14-93C0-C8D208C1DA5D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{2598B241-7D1D-488C-8E29-D33BB426008F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{26AB72E4-C803-451A-BE7D-67123EA45502}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{2751A035-CDBE-4496-A05C-156F9A6D0AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{2860342C-C2CF-4537-BD38-6B20376E188B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{28C29864-32AD-4624-ACFE-150C27BF7324}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2945DA87-407C-4172-A78E-A50E90306F23}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2B174587-7609-4C19-9CFA-8B217BB0F6FF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{2B202108-EA7D-47FA-8223-ED518CEFF923}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{2B361AC3-CDA2-4D91-B61A-F45BC2D1D4DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{308BF3C1-0B16-4FBE-8E2F-2ACFD425616A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |

"{31712852-F241-4AAC-80D8-4685A5E9EC39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{329D674C-1A40-41C8-AFBA-D78FD41F1810}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{3584290C-1F19-4AFC-A63A-97B2B35BEE0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor beta\mohmpgame.exe |

"{36D48229-EBC0-422C-BE12-B6203C46F0C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{3712AA4A-98A7-408F-955F-9E383EAE774B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\counter-strike source\hl2.exe |

"{4184EFD7-62D2-4F10-9BAF-7E3154D552B8}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{42C4D726-F489-4262-BD5F-3832D6594ED6}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{448155CE-5C67-41C5-9284-CE0C804E296F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{469B0871-E9A2-4A05-A65D-9DF732242077}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{48AE96DA-21E1-47AF-80D3-7E0CBF6CC113}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4A8DD6E7-653A-4F84-AB03-59AE9692AA0C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{4AEC0EB9-B797-4F8F-8D71-4A27E07DB60A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{4CF32C94-E912-4EAC-A02D-A87C12873267}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\counter-strike\hl.exe |

"{4DEB2021-6A8A-417C-ACAD-F00A58725C03}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{4FD04887-80FF-463C-A49F-46DE4D76AEBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor beta\support\ea help\electronic_arts_technical_support.htm |

"{50551C93-F5BD-460F-BE30-725C957A9008}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |

"{50FF3199-D622-4E01-9016-3EA78947787A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{51EEFA40-AC50-4DF5-81B7-AE94FAB06599}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{54B99996-337A-42A0-9339-3946DC9F388A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\counter-strike\hl.exe |

"{56D45941-2C7E-4BD7-9617-994A1A7F8B85}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{57A2A422-492D-47FB-999C-F67435BB6B70}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{599678B2-DB9B-4C50-9A02-6FDE4CBBF107}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{5B7C2084-9862-450C-91B7-955F4DDCE943}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{5D367EB4-4396-4C29-A999-32A838E202B1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{5D6407A2-D845-4F83-BA25-2E943B75AE25}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{5E34F01B-CB13-476C-87EC-0349FC12ACDF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |

"{634DF2D4-8164-4470-ADB4-5FD690927675}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |

"{653F0164-CA5F-441D-8B85-7F0B220B8E2C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |

"{671FEDD8-F76E-4AA3-B6CE-C30FF1D6AFD8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |

"{683610B8-A57F-4608-959B-EC2A52F9DE57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |

"{6BED7DDC-25B3-4399-A20C-532A6E17AE9C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6C0333AB-0D66-4EDC-8FF4-EE5F800D6BEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |

"{6D02748D-0BAA-44F2-ADCD-96193D35EBBF}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{6E893F95-993F-4458-AB6A-87E416A6C0B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6FBE503D-7568-48B3-9154-CA8B26BB1C31}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"{75BBE017-FA4B-470C-B6C1-892772F23508}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{7608311D-41BC-47AA-87A9-53727C6EFBAB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |

"{7621DED1-6753-4230-A525-98EA72C86122}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"{7670A82B-EA5A-4768-B227-B25CF7DED04E}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{77B3A873-F153-4734-B2C0-7480FBCED2D6}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{77D6D379-562B-4501-8165-DCE7DD52BBB8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"{77D9FE1C-7298-4A5A-82E8-B7EAED3C98FA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |

"{7B2B6FA6-1D62-4684-94DB-6046DD21CD3E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{7B7305E1-CFB5-4917-8CD8-437AE4BFC787}" = dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |

"{7BDF3890-C39C-4DF5-AD41-7CE73DB95B2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7BE36005-723B-40CF-A156-7A82CE826B92}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{7DB6F9CE-F344-466B-9827-86C5A8A4F819}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |

"{7F747C0C-9414-4615-9366-9BABBB6AFC18}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8148AECA-3A38-4255-A6FF-907DF1F0BA6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{83018E54-65EF-430E-B052-2D5CB7D02241}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{84CE6186-CF2A-492C-8AE9-DB023750947F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |

"{85E6CA7D-BCA8-4697-9889-A5473886C3AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor beta\support\ea help\electronic_arts_technical_support.htm |

"{8964C0C0-0634-4D03-B54D-6056F898C33C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{89E40E23-51CD-46A4-93BF-786EAB4471F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{89E8C374-3DDB-42C6-9DD5-2A6BA0F93290}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{8A498E02-2364-4DB1-A147-D7B2416BBFC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\counter-strike\hl.exe |

"{8ABB5D6E-E478-48BD-A70C-5898A761A4BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"{8CC07341-BA79-48BA-9733-D4471B0168E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm |

"{8FBE2132-1850-4815-9983-108625FA2110}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{91548936-A6F8-48E6-9838-D6474CBAA171}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |

"{92E28E99-B03B-4C5E-B066-C929805CD39B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{92F5845D-0D02-402B-8DCE-69B103EF8764}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9484A775-DC84-4665-AB23-CEE4A80648F3}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 beta\bf3.exe |

"{950D74A9-E895-4E16-989D-70D739CBF87C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{9654D05F-3731-427C-98E6-F6DED53E5BB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9894E407-AF51-4806-A052-C865DFF0645C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{989EF398-212E-461F-B149-58D193AF4736}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{9DA7463E-6A83-4E06-9F87-39D5249CF1C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9F270CFB-9271-463C-B40A-46A80C8D93F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{9FEA57AA-0AC6-4DE5-94E6-377511BD5692}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A03433CD-ED50-4508-82E2-546B08A1179B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A1554ECD-A294-46F6-A3F9-B53BA967FDFC}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{A2EC8928-BF61-429B-9CE2-0264EBEA8F25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A99C4B9D-8968-4EE2-973E-D2FE1DCE5EEB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |

"{AA8D05EB-2A9D-40DF-9FBB-6859025AD13D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AAC8B12A-2C1F-4C0B-9D21-8B1238EA04A8}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"{ABDC1DAE-C86C-4599-9AC6-D69EAC3707D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{AD42EC61-4A02-4538-9646-798E67A50735}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AE5572A7-0634-43BD-BEC7-F172066D98AD}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{B4BBC69F-9663-4A58-B825-6D2924AA1866}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{B64ACE25-4849-470F-B61F-361C9CCFA59C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{B6C3660C-109A-4388-BF6F-732E34B74FBD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{B78BE1D8-C631-47B4-8E31-8B1771A4D48B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{B7EE2D88-C6F6-4A92-B62D-18B866166FAE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BDDBCCF9-6C15-4EB3-AF37-9113C65637A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BE8953A6-1ED1-483A-8507-D20BF7942FC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C0DA9B52-41AF-49C1-A116-932E85A01AB3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C174B95F-1001-41B5-B43F-C3F1D4A70A01}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{C250ED80-5276-444A-96A2-60938B0292AF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{C2EA9F42-1008-410C-8BCC-6479C833EA2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |

"{C4CB2E9A-E90A-4A68-A400-E767221ED738}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{C5B71156-694B-4DAF-9B62-63CB3AE96DD9}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{C5CC7D21-7B83-4C99-81C7-021A5F7CC967}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C89230F3-9366-4919-94E5-6C4CD2282B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{C922EAA4-61DF-4C3E-929E-107E2E281BC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{CD24788D-83F0-4741-AB5A-826A58627CB7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{CE9CB4BE-3C1B-4441-BB14-F40FCEC5B3E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CFB0117D-479A-4012-8837-A77DB2AFA566}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 beta\bf3.exe |

"{D48E19FA-AAAE-4120-A109-35ED9DEF2A5A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D5CB9345-916F-4BEB-BAD5-D57F6FEA4707}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D795680A-8082-4596-BC79-E514D0270595}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{D8CF784D-06A2-40D8-8701-7E49DED6F079}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{D974D99E-C8C6-41E9-9A48-6E0A3119037B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"{D977EF7C-8D5A-4924-A00E-3B3067BDF3C5}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{DA88D03D-A0E5-496D-8309-41050DF54C74}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{DD579E95-52E4-4736-A13C-6A177726A554}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E080236C-9FEB-490A-BD50-BC50F674EC60}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |

"{E67F0D09-98F2-4B02-B971-1FAE7AB985ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E932F214-6A99-4883-9021-4FE93CB0FCC9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\counter-strike\hl.exe |

"{EBA00DAA-A16F-4CC0-ACD2-572E03E899A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{EC5C9214-99B6-4705-8D63-74FE4A51D81A}" = protocol=6 | dir=out | app=system |

"{EC925CF6-A342-4996-978C-695C80E91A9B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{ED63A2DC-1C52-469B-9AF5-9B889CA93A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |

"{EDF6424C-0E38-4D88-9FA5-3E4C0C70F85B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{EF1964A1-D71E-438E-B1FA-5CA08110F02C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{F023F75C-EB13-4F89-8FB3-6157570AE1A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F38D7344-E434-461F-AB0B-5BF9A846CBB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{F587B7C6-0A6D-4580-AA65-1C4C597ADFA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F66180F4-34C6-4508-BBB4-3D37C6948D1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F7DF37AD-AB68-43B5-8382-5D2C624588D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F84B3B2C-70FB-418A-AE28-4EA9176F1003}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |

"{FA411ADD-5DAE-40C2-862B-4D8D6B1B9905}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{FC027BD4-A7FD-46F9-8EC8-1AFF436613A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{FCD83B1E-5BD4-4068-8F4A-9686C608261F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{FDA65D32-B243-4D56-9E24-5E4A273B11AC}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{FE3F9B25-BED3-417B-9C71-A9947ECECE6E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"TCP Query User{35306CEE-6FA2-4FDC-B780-56CD644B5E1D}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |

"TCP Query User{68E427CF-35D5-4F12-9F93-945FFE59C6EE}C:\program files (x86)\steam\steamapps\mistahmon\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mistahmon\team fortress 2\hl2.exe |

"TCP Query User{793DA5B9-6A34-4CEA-9B68-8E490B745045}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"TCP Query User{7B46F2AE-280A-43AB-BA7D-08098E4711D6}C:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe |

"TCP Query User{9B38EE6B-80B3-4FE4-A9A6-EA7B90C9B6BF}C:\program files (x86)\xerocreative\yvd\yugioh virtual desktop 9_1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xerocreative\yvd\yugioh virtual desktop 9_1.exe |

"TCP Query User{A232FBF8-04D3-4FEC-84EE-40F99A43431E}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"TCP Query User{A61EFEBB-3358-422C-8EF1-C334F4986955}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |

"TCP Query User{B9764723-FC33-4C48-9F83-5C803DD2919E}C:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe |

"TCP Query User{CA72BEB5-7550-4972-944A-4F10AFEEFE55}C:\program files (x86)\kaiba corp vds\kcvds.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kaiba corp vds\kcvds.exe |

"TCP Query User{D8D4370C-84D1-4BD5-A8FA-8E37745DE11C}C:\program files (x86)\kaiba corp vds2\kcvds.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kaiba corp vds2\kcvds.exe |

"UDP Query User{2D5E048C-7190-4DF9-A8DE-E01BD60ED224}C:\program files (x86)\kaiba corp vds\kcvds.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kaiba corp vds\kcvds.exe |

"UDP Query User{39A0EBF8-737D-4A1E-BDB4-50075096FE0A}C:\program files (x86)\steam\steamapps\mistahmon\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mistahmon\team fortress 2\hl2.exe |

"UDP Query User{3F12BE76-7937-4686-8F4B-31E3758925CE}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"UDP Query User{436F706F-222B-491A-96E1-3443148DC14E}C:\program files (x86)\xerocreative\yvd\yugioh virtual desktop 9_1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xerocreative\yvd\yugioh virtual desktop 9_1.exe |

"UDP Query User{4B5A7C17-62D7-404C-AB5B-BC266CEEC80C}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"UDP Query User{64052DC6-289E-498B-9A0F-3FC05D3B42B6}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |

"UDP Query User{6AC73622-95D3-49A3-A144-0C0CC9DBD80B}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |

"UDP Query User{B6FDD828-2DA3-48D7-85E8-9A2A7D1951AF}C:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe |

"UDP Query User{CFED86A1-C2DA-4600-93F3-9FB71620E2A2}C:\program files (x86)\kaiba corp vds2\kcvds.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kaiba corp vds2\kcvds.exe |

"UDP Query User{D1718AE6-2F51-479D-B60A-7D015E45AD01}C:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java 6 Update 21 (64-bit)

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat

"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)

"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists

"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55

"EVGA E-LEET TUNING UTILITY_is1" = EVGA E-LEET TUNING UTILITY 1.05.3

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.53

"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4EAB69C5-7763-4BB8-9D06-733292AA6E0C}" = Bing Bar

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5

"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0

"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DDD9B4E6-EEB7-4030-B141-F0E0C5429851}" = YVD

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F3EF5DE8-1120-4B77-99A3-4DC232E8C129}" = XSplit

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Afterburner" = MSI Afterburner 2.1.0

"AIM_7" = AIM 7

"Any Video Converter_is1" = Any Video Converter 3.2.2

"Audacity_is1" = Audacity 1.2.6

"Battlelog Web Plugins" = Battlelog Web Plugins

"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor

"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora

"dBpowerAMP Music Converter" = dBpowerAMP Music Converter

"Diablo III" = Diablo III

"DVD Shrink_is1" = DVD Shrink 3.2

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESN Sonar-0.70.0" = ESN Sonar

"ESN Sonar-0.70.4" = ESN Sonar

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FileASSASSIN" = FileASSASSIN

"Google Desktop" = Google Desktop

"Google Updater" = Google Updater

"GunboundIS_is1" = GunboundIS

"hon" = Heroes of Newerth

"ImgBurn" = ImgBurn

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"Kaiba Corp VDS_is1" = Kaiba Corp Virtual Duel System 1.26

"MapleStory" = MapleStory

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"N360" = Norton Security Suite

"NJStar Chinese WP" = NJStar Chinese WP

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"ObjectDock Free" = ObjectDock Free

"Origin" = Origin

"PPLive" = PPTV V3.0.2.0009

"PunkBusterSvc" = PunkBuster Services

"ShiftWindow_is1" = ShiftWindow 1.02

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"SpeedFan" = SpeedFan (remove only)

"Spyware Doctor" = Spyware Doctor 7.0

"Steam App 10" = Counter-Strike

"Steam App 1530" = Multiwinia

"Steam App 240" = Counter-Strike: Source

"Steam App 24860" = Battlefield 2

"Steam App 47770" = Medal of Honor Beta

"Steam App 550" = Left 4 Dead 2

"Steam App 630" = Alien Swarm

"Steam App 65800" = Dungeon Defenders

"TeamViewer 5" = TeamViewer 5

"TeamViewer 6" = TeamViewer 6

"TeamViewer 7" = TeamViewer 7

"TextMaker Viewer" = TextMaker Viewer

"Video Mover_is1" = Video Mover

"VideoGet_is1" = Nuclear Coffee - VideoGet

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite" = Windows Live Essentials

"winscp3_is1" = WinSCP 4.3.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1325494298-641319619-2425575681-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Gas Properties" = Gas Properties

"Google Chrome" = Google Chrome

"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/20/2012 4:22:38 AM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x6d7be36c Faulting

process id: 0x1b18 Faulting application start time: 0x01cd4eba0b32056a Faulting application

path: c:\program files (x86)\steam\steamapps\ipwnyoohxd\counter-strike source\hl2.exe

Faulting

module path: filesystem_steam.dll Report Id: 180450fc-bab1-11e1-851a-001fbc091f29

Error - 6/20/2012 7:41:34 PM | Computer Name = Aaron-PC | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 13.0.1.4548 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1670 Start

Time: 01cd4f3cfba55f2f Termination Time: 27 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: 760419e7-bb31-11e1-b5b1-001fbc091f29

Error - 6/21/2012 7:26:34 PM | Computer Name = Aaron-PC | Source = Application Hang | ID = 1002

Description = The program chrome.exe version 19.0.1084.56 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: f70 Start

Time: 01cd4fec4e9f05cc Termination Time: 31 Application Path: C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

Report

Id: 7f9afb81-bbf8-11e1-aa90-001fbc091f29

Error - 6/27/2012 9:06:04 PM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4fd10b64 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fd10baa Exception code: 0xc0000005 Fault offset: 0x68b6e3c9 Faulting

process id: 0x1458 Faulting application start time: 0x01cd54c8bbb257e2 Faulting application

path: c:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe

Faulting

module path: filesystem_steam.dll Report Id: 6e8ad6db-c0bd-11e1-aad5-001fbc091f29

Error - 6/28/2012 5:42:31 PM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000

Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time

stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.1.0.4880, time

stamp: 0x4eb75fb9 Exception code: 0xc0000005 Fault offset: 0x00505cd1 Faulting process

id: 0x55c Faulting application start time: 0x01cd55712dfe276a Faulting application

path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.154\deploy\LolClient.exe

Faulting

module path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.154\deploy\Adobe

AIR\Versions\1.0\Adobe AIR.dll Report Id: 296586a6-c16a-11e1-b1e5-001fbc091f29

Error - 7/3/2012 12:05:18 AM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4febb13c Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4ff1ec29 Exception code: 0xc0000005 Fault offset: 0x626fe279 Faulting

process id: 0x2358 Faulting application start time: 0x01cd58ce52a3846c Faulting application

path: c:\program files (x86)\steam\steamapps\ipwnyoohxd\team fortress 2\hl2.exe

Faulting

module path: filesystem_steam.dll Report Id: 4c9d099f-c4c4-11e1-9fec-001fbc091f29

Error - 7/4/2012 4:30:46 PM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000

Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Faulting module name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Exception code: 0xc0000005 Fault offset: 0x0020ef4d Faulting process

id: 0x1e54 Faulting application start time: 0x01cd5a23e3f0c516 Faulting application

path: C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe

Faulting

module path: C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe

Report

Id: 2207468c-c617-11e1-b04e-001fbc091f29

Error - 7/5/2012 3:42:05 AM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000

Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Faulting module name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Exception code: 0xc0000005 Fault offset: 0x0020ef4d Faulting process

id: 0x1238 Faulting application start time: 0x01cd5a81abe2fbad Faulting application

path: C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe

Faulting

module path: C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe

Report

Id: ea000ceb-c674-11e1-8a58-001fbc091f29

Error - 7/5/2012 3:42:22 AM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000

Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Faulting module name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Exception code: 0xc0000005 Fault offset: 0x0020ef4d Faulting process

id: 0x5b4 Faulting application start time: 0x01cd5a81b65d5393 Faulting application

path: C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe

Faulting

module path: C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe

Report

Id: f410cc06-c674-11e1-8a58-001fbc091f29

Error - 7/8/2012 4:34:04 AM | Computer Name = Aaron-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc100 Faulting module name: MSHTML.dll, version: 9.0.8112.16440, time

stamp: 0x4eb31d5a Exception code: 0xc0000005 Fault offset: 0x001d9616 Faulting process

id: 0x158c Faulting application start time: 0x01cd5ce3950597ba Faulting application

path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\MSHTML.dll

Report

Id: ac88c881-c8d7-11e1-b027-001fbc091f29

[ System Events ]

Error - 7/8/2012 7:03:02 AM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 7 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 7/8/2012 7:03:02 AM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 1 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 7/8/2012 2:25:21 PM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 0 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 7/8/2012 2:25:21 PM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 4 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 7/8/2012 2:25:21 PM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 6 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 7/8/2012 2:25:21 PM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 2 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 7/8/2012 2:25:21 PM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 5 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 7/8/2012 2:25:21 PM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 3 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 7/8/2012 2:25:21 PM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 7 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

Error - 7/8/2012 2:25:21 PM | Computer Name = Aaron-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35

Description = Performance power management features on processor 1 in group 0 are

disabled due to a firmware problem. Check with the computer manufacturer for updated

firmware.

< End of report >


On another note, my Norton is not picking up any hack attempts after I killed it off with Malwarebytes. However, I did get a BSOD when booting up on that restart. I had to Windows restore to boot it up. It's gone? I still feel suspicious though.


A backdoor does not go away so easily. Is this log file from before or after the system restore? It should be generated after the restore.


Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1325494298-641319619-2425575681-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
    [2012/01/10 17:16:16 | 000,002,048 | -HS- | C] () -- C:\Users\Aaron\AppData\Local\{5af1901e-2a54-7fba-ac6e-a60e31a1d6da}\@

    :files
    C:\Users\Aaron\AppData\Local\{5af1901e-2a54-7fba-ac6e-a60e31a1d6da}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log
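
A read-only check for the folder pattern that the Step 1 fix targets, added here as an example; it is not part of the original thread and not part of OTL. The function name `Find-GuidAtFolders`, the `C:\Users` profile root, and the generalisation from the one folder named in the fix to any GUID-named folder holding an `@` file are assumptions.

```powershell
# Added example: read-only, changes nothing on disk.
# Pattern from the Step 1 fix: <profile>\AppData\Local\{GUID}\@ with the
# Hidden and System attributes set (shown as -HS- in the OTL listing).
$guidName     = '^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$'
$hiddenSystem = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System

function Find-GuidAtFolders {
    param(
        # Assumption: user profiles live under C:\Users, as in the log above.
        [string]$ProfilesRoot = 'C:\Users'
    )
    # -Force is required, otherwise hidden/system items are not enumerated.
    $userDirs = Get-ChildItem -LiteralPath $ProfilesRoot -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($userDir in $userDirs) {
        $local = Join-Path $userDir.FullName 'AppData\Local'
        if (-not (Test-Path -LiteralPath $local)) { continue }
        Get-ChildItem -LiteralPath $local -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match $guidName } |
            ForEach-Object {
                $marker = Join-Path $_.FullName '@'
                if (Test-Path -LiteralPath $marker) {
                    $file = Get-Item -LiteralPath $marker -Force
                    New-Object PSObject -Property @{
                        Folder     = $_.FullName
                        Created    = $_.CreationTime
                        # True when the "@" file carries both Hidden and System
                        MarkerIsHS = (([int]$file.Attributes -band $hiddenSystem) -eq $hiddenSystem)
                    }
                }
            }
    }
}

$hits = @(Find-GuidAtFolders)
if ($hits.Count -eq 0) {
    'No GUID-named folder containing an "@" file was found.'
} else {
    $hits | Format-Table Folder, Created, MarkerIsHS -AutoSize
}
```

An empty result only shows that this one artifact is absent after the fix and reboot; the OTL fix log and the Malwarebytes' Anti-Malware log requested above are still needed.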


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
