Jump to content

Recommended Posts

Hi there,

I'm sorry - I've spent days trying to figure this out, but I've had no luck.

Earlier in the year (early July), I stepped out for lunch and a coworker installed some BlackBerry backup software ("MagicBerry") onto my machine. Along with it came an annoying "appbario8" search toolbar in all of my browsers. I removed it as best I could in the browser settings for Chrome, FF, and IE.

Fast forward to two weeks ago when it suddenly makes a comeback. Somehow, an instance of Chrome is booting on my Windows startup with appbario8 installed, even though Chrome isn't in my list of startup processes. This has never happened before two weeks ago. If I delete the extension, it has "grown back" on the next boot.

I've checked my startup processes, as well as Add/Remove Programs. I've been through my C:/ drive with a magnifying glass... but I've not come up with anything to fix the issue.

Another interesting thing is that this instance of Chrome appears separate from the one I have pinned to the taskbar. Clicking the pinned Chrome opens a regular instance (Google default search, no appbario8 extension, no toolbar, previous tabs), and the two instances don't merge on the taskbar, as two windows of the same program typically would.

I found 3 "events.js" files in a Uninstall Information folder on C:/. I've attached one as "events.txt", as they seem VERY suspect and might shed some light as to how to get this program off.

I've moved the "Uninstall Information" folder off of my C drive and deleted a folder in Program Files (x86) called Conduit. I know that I should have waited to do this - sorry if it makes this harder at all. ("Conduit" is a search utility synonymous with appbario8, as far as I can tell)

Thank you so much. I look forward to hearing back from you.

R

ps - I apologize for the bloated Programs list, I didn't realize how absurd the number of games I've bought is until scanning through...

attach.txt

dds.txt

events.txt

Link to post
Share on other sites

download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Please post the log.

Open Malwarebytes, check for updates then run Full scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links..

http://www.malwarebytes.org/mbam.php

http://www.softpedia...i-Malware.shtml

http://www.majorgeek...ware_d5756.html

Double Click mbam-setup.exe to install the application.

mbamicontw5.gif Please download

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post both logs...

Kevin

Link to post
Share on other sites

Hi Kevin,

Thanks so much for the quick response. I ran adwcleaner and I've pasted the log below. Strangely, it appears to have made the problem worse. When I rebooted, the instance of Chrome without my bookmarks etc. still loaded on startup with appbario8. When I clicked to open my "untouched" Chrome, however, it sent the alert "Your preferences file is corrupt or invalid. Google Chrome is unable to recover your settings"". All of my open tabs were lost, and now the only extension on there is appbario8! I can re-sync with my Google account, but would rather avoid that until I know my system is clean. For now I've switched to Firefox.

Here is the adwcleaner log (AdwCleaner[s1].txt):


# AdwCleaner v2.100 - Logfile created 12/14/2012 at 13:12:28
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Riley - RILEY
# Boot Mode : Normal
# Running from : C:\Users\Riley\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\bprotector_prefs.js
File Deleted : C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\searchplugins\bProtect.xml
File Deleted : C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\searchplugins\Conduit.xml
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Riley\AppData\Local\Conduit
Folder Deleted : C:\Users\Riley\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Riley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidekick Manager
Folder Deleted : C:\Windows\SysWOW64\Sidekick Manager

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507760}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\prefs.js

C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13")[...]
Deleted : user_pref("avg.install.userSPSettings", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.defaultenginename", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&Sea[...]
Deleted : user_pref("browser.search.order.1", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.selectedEngine", "appbario8 Customized Web Search");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Riley\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=48"[...]
Deleted [l.3863] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=48" ]

-\\ Opera v12.10.1652.0

File : C:\Users\Riley\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4147 octets] - [14/12/2012 13:12:28]

########## EOF - C:\AdwCleaner[S1].txt - [4207 octets] ##########

Here is the Malwarebytes Full Scan log:


Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.13.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Riley :: RILEY [administrator]
Protection: Enabled
14/12/2012 1:19:39 PM
mbam-log-2012-12-14 (15-49-18).txt
Scan type: Full scan (C:\|D:\|M:\|N:\|Z:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1195980
Time elapsed: 2 hour(s), 22 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Thanks again,

R

Link to post
Share on other sites

AdwareCleaner is not showing appbario8 removal or presence in Chrome, only removal from FireFox? OK run the following OTL scan let me see what logs produce:

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Thank you....

Link to post
Share on other sites

Thanks Kevin,

OTL.txt:


OTL logfile created on: 14/12/2012 5:19:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Riley\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 41.28% Memory free
12.00 Gb Paging File | 8.81 Gb Available in Paging File | 73.43% Paging File free
Paging file location(s): n:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 4.12 Gb Free Space | 7.37% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 582.31 Gb Free Space | 31.26% Space Free | Partition Type: NTFS
Drive N: | 1862.91 Gb Total Space | 235.82 Gb Free Space | 12.66% Space Free | Partition Type: NTFS

Computer Name: RILEY | User Name: Riley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/12/14 17:17:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Riley\Desktop\OTL.com
PRC - [2012/12/10 22:20:47 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/11/28 16:37:22 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/11/28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/18 15:13:33 | 004,275,992 | ---- | M] (Code Systems Corporation) -- C:\Program Files (x86)\Spoon\3.33.3.13\Spoon-Sandbox.exe
PRC - [2012/10/10 23:18:37 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Riley\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/11 18:59:32 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Riley\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/29 08:59:30 | 008,180,224 | ---- | M] () -- N:\Workspace\xampp\mysql\bin\mysqld.exe
PRC - [2012/06/06 07:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- N:\Workspace\xampp\apache\bin\httpd.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Riley\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/10/22 06:06:30 | 002,533,040 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\Fraps\fraps.exe
PRC - [2011/03/22 23:38:33 | 000,240,541 | ---- | M] () -- N:\My Media\Other\Programs\MediaKeys.exe
PRC - [2011/02/15 11:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- N:\My Media\Other\Programs\Prey\platform\windows\cronsvc.exe
PRC - [2010/12/17 20:16:02 | 001,519,616 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2010/04/22 14:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2010/01/18 21:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/20 06:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/15 13:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 13:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/10/13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Riley\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/06/17 15:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2008/03/25 16:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/12/10 22:20:46 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/09 19:25:07 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9d1558dc7461282dca5d16909b245476\System.Web.Services.ni.dll
MOD - [2012/12/08 14:32:47 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012/12/08 14:07:09 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012/12/08 14:07:08 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll
MOD - [2012/12/08 14:06:58 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll
MOD - [2012/12/08 14:06:51 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll
MOD - [2012/12/08 14:06:46 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/12/08 14:06:43 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/12/08 14:06:41 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/12/08 14:06:36 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/12/08 14:06:31 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2012/10/10 23:18:36 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/22 23:38:33 | 000,240,541 | ---- | M] () -- N:\My Media\Other\Programs\MediaKeys.exe
MOD - [2010/08/15 13:34:24 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
MOD - [2010/04/20 12:55:32 | 002,334,791 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
MOD - [2010/04/16 10:38:30 | 000,344,131 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\work.dll
MOD - [2010/04/14 13:44:44 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
MOD - [2010/04/13 12:38:16 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
MOD - [2010/04/07 14:35:14 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll
MOD - [2010/04/02 15:04:20 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
MOD - [2010/03/12 04:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\platform.dll
MOD - [2010/03/12 04:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\device.dll
MOD - [2010/01/12 16:09:20 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
MOD - [2009/12/22 15:52:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
MOD - [2009/10/21 13:07:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Riley\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2008/05/07 14:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
MOD - [2008/03/25 16:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
MOD - [2003/02/14 13:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:[b]64bit:[/b] - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:[b]64bit:[/b] - [2009/12/21 09:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\SysNative\HFGService.dll -- (HFGService)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/10 22:20:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/06 11:48:49 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/26 14:30:49 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/29 08:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- N:\Workspace\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012/06/06 07:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- N:\Workspace\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012/05/15 22:45:42 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvchost)
SRV - [2011/12/10 13:13:39 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/15 11:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- N:\My Media\Other\Programs\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/18 21:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/15 13:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/17 15:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012/09/28 21:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:[b]64bit:[/b] - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/06/26 20:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:[b]64bit:[/b] - [2012/05/22 13:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/08/02 15:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/01/18 08:47:48 | 000,004,608 | ---- | M] (JJS) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pspdisp_x64.sys -- (pspdisp)
DRV:[b]64bit:[/b] - [2011/01/01 09:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:[b]64bit:[/b] - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/10/30 00:36:10 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2010/04/22 14:08:14 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:[b]64bit:[/b] - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010/01/27 03:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009/12/21 09:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:[b]64bit:[/b] - [2009/12/21 09:43:00 | 000,078,848 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthav.sys -- (csr_a2dp)
DRV:[b]64bit:[/b] - [2009/11/20 06:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2009/11/20 06:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2009/08/13 07:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 19:06:48 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BTHPRINT.SYS -- (BTHprint)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2012/12/14 13:14:19 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/12/14 13:13:59 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3219339476-703394672-256516966-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3219339476-703394672-256516966-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3219339476-703394672-256516966-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-3219339476-703394672-256516966-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 64 11 D1 11 D3 CD 01 [binary data]
IE - HKU\S-1-5-21-3219339476-703394672-256516966-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3219339476-703394672-256516966-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3219339476-703394672-256516966-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>


[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.0.4
FF - prefs.js..extensions.enabledAddons: livereload%40livereload.com:2.0.8
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: C:\Program Files (x86)\Spoon\3.33.3.13\npMozillaSpoonPlugin.dll (Code Systems Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Riley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Riley\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/10 22:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/10 22:20:45 | 000,000,000 | ---D | M]

[2012/02/03 02:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Extensions
[2012/12/14 13:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions
[2012/08/20 13:18:31 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/11/11 14:41:33 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\https-everywhere@eff.org
[2012/12/14 13:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\staged
[2012/12/14 13:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\trash
[2012/12/14 13:20:23 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\firebug@software.joehewitt.com.xpi
[2012/02/29 11:12:50 | 000,224,872 | ---- | M] () (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012/05/09 20:59:48 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2012/10/25 14:12:53 | 000,024,682 | ---- | M] () (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\livereload@livereload.com.xpi
[2012/11/05 18:14:58 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\trash\firebug@software.joehewitt.com.xpi
[2012/12/10 22:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/13 10:46:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/10 22:20:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/10 22:20:47 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/24 14:14:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/23 03:08:02 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Riley\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Spoon Plugin (Enabled) = C:\Program Files (x86)\Spoon\3.33.3.13\npMozillaSpoonPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Riley\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Riley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: appbario8 = C:\Users\Riley\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc\2.3.15.10_0\
CHR - Extension: appbario8 = C:\Users\Riley\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc\2.3.18.20_0\

O1 HOSTS File: ([2011/02/13 18:21:23 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] "N:\My Media\Other\Programs\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1000..\Run: [Akamai NetSession Interface] C:\Users\Riley\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1000..\Run: [AlarmWiz] C:\Program Files (x86)\AlarmWiz\alarmwiz.exe startup File not found
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1000..\Run: [F.lux] C:\Users\Riley\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1000..\Run: [Facebook Update] C:\Users\Riley\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3219339476-703394672-256516966-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Riley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Riley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Riley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Talk.to (Beta).lnk = C:\Users\Riley\AppData\Roaming\talk.to\Talk.to.starter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3219339476-703394672-256516966-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C6463C3-86AB-4FAD-86F2-E3872EB72F2F}: DhcpNameServer = 64.71.255.198 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43F6F949-7325-4B5C-A310-AAEE3CC5BC6B}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:[b]64bit:[/b] - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/12/14 17:18:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Riley\Desktop\OTL.com
[2012/12/14 13:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/14 13:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/14 13:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/14 13:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/14 13:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/14 01:58:36 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Riley\Desktop\dds.scr
[2012/12/14 01:46:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/12/13 19:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
[2012/12/11 12:08:07 | 000,000,000 | ---D | C] -- C:\Users\Riley\AppData\Roaming\.anomos
[2012/12/11 12:07:57 | 001,017,344 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2012/12/11 12:07:57 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2012/12/11 12:07:57 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libssl32.dll
[2012/12/11 12:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anomos
[2012/12/10 22:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/10 12:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/06 00:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/12/04 13:18:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/04 13:18:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/04 13:18:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/04 13:18:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/04 13:18:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/04 13:18:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/04 13:18:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/04 13:18:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/04 13:18:42 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/04 13:18:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/04 13:18:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/04 13:18:42 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/04 13:18:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/04 13:18:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/04 13:18:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/04 13:15:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/04 13:15:22 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/04 13:15:22 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/04 13:15:22 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/04 13:03:59 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/12/04 13:03:59 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/12/04 13:03:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/12/04 13:03:54 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/12/04 13:03:53 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/12/04 13:03:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/12/04 13:03:53 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/12/04 13:03:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/12/04 13:03:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/12/04 13:03:46 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/12/04 13:03:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/12/03 22:55:54 | 000,000,000 | ---D | C] -- C:\Users\Riley\AppData\Local\{752D916B-8E65-44A8-9265-A37522240D6E}
[2012/11/28 23:48:53 | 000,000,000 | ---D | C] -- C:\Users\Riley\nvvp_workspace
[2012/11/27 20:57:04 | 000,000,000 | ---D | C] -- C:\Users\Riley\AppData\Local\NVIDIA Corporation
[2012/11/27 13:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA GPU Computing Toolkit
[2012/11/26 15:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/11/26 15:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012/11/26 15:49:47 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/26 15:49:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/12/14 17:17:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Riley\Desktop\OTL.com
[2012/12/14 17:14:17 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/12/14 17:10:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/14 13:57:25 | 000,819,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/14 13:57:25 | 000,691,500 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/14 13:57:25 | 000,129,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/14 13:21:06 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/14 13:21:06 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/14 13:14:19 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012/12/14 13:14:19 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012/12/14 13:14:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/14 13:13:59 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/12/14 13:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/14 13:11:46 | 000,545,819 | ---- | M] () -- C:\Users\Riley\Desktop\adwcleaner.exe
[2012/12/14 01:58:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Riley\Desktop\dds.scr
[2012/12/10 22:00:13 | 000,000,915 | ---- | M] () -- C:\Users\Riley\Desktop\text.html
[2012/12/08 11:01:11 | 000,001,456 | ---- | M] () -- C:\Users\Riley\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/12/07 05:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/06 11:48:48 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/06 11:48:48 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/04 17:20:24 | 005,722,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/01 19:58:13 | 000,000,254 | ---- | M] () -- C:\Users\Riley\Desktop\test.html
[2012/11/29 20:32:27 | 000,033,280 | ---- | M] () -- C:\Users\Riley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/29 14:01:51 | 000,150,392 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
[2012/11/26 15:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012/11/26 15:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/12/14 13:12:03 | 000,545,819 | ---- | C] () -- C:\Users\Riley\Desktop\adwcleaner.exe
[2012/12/10 18:57:06 | 000,000,915 | ---- | C] () -- C:\Users\Riley\Desktop\text.html
[2012/12/10 12:05:06 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/10 12:05:06 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/04 13:15:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/01 19:49:23 | 000,000,254 | ---- | C] () -- C:\Users\Riley\Desktop\test.html
[2012/11/29 01:27:18 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[2012/11/29 01:26:48 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/11/29 01:26:35 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
[2012/11/29 01:23:17 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2012/11/26 15:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012/11/26 15:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/11/26 15:49:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/14 11:58:58 | 000,001,456 | ---- | C] () -- C:\Users\Riley\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/07/10 00:37:16 | 000,004,096 | ---- | C] () -- C:\Users\Riley\pomodairo-1.1.db
[2012/06/25 18:32:03 | 000,000,132 | ---- | C] () -- C:\Users\Riley\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/04/23 14:16:09 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2012/04/23 14:16:09 | 000,000,993 | ---- | C] () -- C:\Windows\unins000.dat
[2012/04/21 19:06:06 | 000,000,600 | ---- | C] () -- C:\Users\Riley\AppData\Local\PUTTY.RND
[2012/03/13 10:58:50 | 000,000,939 | -H-- | C] () -- C:\Users\Riley\.gitk
[2012/03/12 22:59:30 | 000,000,106 | ---- | C] () -- C:\Users\Riley\.gitconfig
[2012/03/12 22:39:25 | 000,002,624 | ---- | C] () -- C:\Users\Riley\_viminfo
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/13 18:10:53 | 000,001,456 | ---- | C] () -- C:\Users\Riley\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/13 17:37:08 | 000,000,132 | ---- | C] () -- C:\Users\Riley\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/04/06 01:50:11 | 000,000,132 | ---- | C] () -- C:\Users\Riley\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/29 03:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/28 20:48:28 | 000,291,240 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/03/24 14:35:18 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/24 14:28:12 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/23 10:13:52 | 000,000,279 | ---- | C] () -- C:\Windows\SysWow64\MediaKeys Config.ini
[2011/03/02 05:43:46 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/01 01:44:34 | 000,000,438 | RHS- | C] () -- C:\Users\Riley\ntuser.pol
[2011/02/13 16:56:40 | 000,000,000 | ---- | C] () -- C:\Users\Riley\[output_file]
[2011/02/13 16:56:04 | 000,000,000 | ---- | C] () -- C:\Users\Riley\square.lst
[2010/10/22 02:09:47 | 000,007,605 | ---- | C] () -- C:\Users\Riley\AppData\Local\Resmon.ResmonCfg
[2010/09/20 15:50:50 | 000,000,036 | ---- | C] () -- C:\Users\Riley\.org.eclipse.epp.usagedata.recording.userId
[2010/09/14 17:00:30 | 000,033,280 | ---- | C] () -- C:\Users\Riley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2011/01/14 17:38:29 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Stardock
[2012/12/11 12:08:09 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\.anomos
[2012/09/15 11:50:14 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\.purple
[2011/10/21 00:14:36 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\2012IGFPIRATEKART
[2010/09/17 10:50:00 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Ableton
[2010/11/02 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Arduino
[2010/11/03 23:06:18 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\AVG10
[2012/02/03 13:58:02 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2011/07/05 23:45:29 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Beat Hazard
[2011/09/09 23:15:19 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Braid
[2011/07/01 02:32:48 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Broken Rules
[2011/02/16 08:22:57 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/12 22:14:51 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Chime
[2011/10/21 01:19:52 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Clickteam
[2011/03/23 00:46:28 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\com.caffeinatedmind.Sendoid
[2011/12/16 13:35:28 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2011/10/12 13:06:21 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\com.roland.FriendJam
[2011/06/08 00:07:49 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\cYo
[2010/10/30 00:41:37 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\DAEMON Tools Lite
[2011/11/23 12:12:46 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\digipen
[2012/12/14 13:27:22 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Dropbox
[2012/11/11 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\FileZilla
[2012/06/11 22:05:06 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\GitHub
[2011/08/22 10:06:16 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Hobbyist Software
[2012/01/25 20:46:22 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\ImgBurn
[2011/10/02 07:40:10 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\LiveReload
[2011/09/29 18:46:47 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\LucasArts
[2012/03/15 11:30:04 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\MonoDevelop-Unity
[2011/06/20 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\MotioninJoy
[2011/01/28 19:50:31 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Notepad++
[2012/11/06 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Opera
[2011/04/07 01:25:13 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\PACE Anti-Piracy
[2012/10/11 18:52:33 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\PDAppFlex
[2011/12/14 20:37:27 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Polynomial
[2012/07/10 00:37:17 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1
[2011/06/09 00:23:24 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\PSPdisp
[2012/04/02 19:49:47 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Publish Providers
[2012/03/12 22:04:23 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Python-Eggs
[2011/10/21 00:43:18 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\RenPy
[2012/06/05 18:44:47 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Sony
[2012/04/03 01:03:23 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Sony Creative Software Inc
[2011/02/13 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/10/07 14:32:21 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Stardock
[2012/10/02 06:32:46 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Sublime Text 2
[2012/01/12 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\System
[2012/12/14 13:14:03 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\talk.to
[2012/03/08 02:46:28 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Titanium
[2012/12/11 12:20:31 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\tixati
[2012/02/08 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Ubisoft
[2012/03/15 11:38:12 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\Unity
[2011/07/12 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\VertexDispenser
[2012/01/12 15:27:01 | 000,000,000 | -HSD | M] -- C:\Users\Riley\AppData\Roaming\wyUpdate AU
[2012/12/10 19:57:36 | 000,000,000 | ---D | M] -- C:\Users\Riley\AppData\Roaming\XBMC

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 1342 bytes -> C:\Program Files (x86)\Common Files\System:DmSQg13WdfyoO0w76sk3HV1r
@Alternate Data Stream - 1337 bytes -> C:\ProgramData\Microsoft:fYsWylI6SX7uFLushA5YhXTagK
@Alternate Data Stream - 1215 bytes -> C:\ProgramData\Microsoft:ch7hHEJPtCiloaIaRvlbf

< End of report >

Link to post
Share on other sites

Extras.txt (part 1):


OTL Extras logfile created on: 14/12/2012 5:19:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Riley\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 41.28% Memory free
12.00 Gb Paging File | 8.81 Gb Available in Paging File | 73.43% Paging File free
Paging file location(s): n:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 4.12 Gb Free Space | 7.37% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 582.31 Gb Free Space | 31.26% Space Free | Partition Type: NTFS
Drive N: | 1862.91 Gb Total Space | 235.82 Gb Free Space | 12.66% Space Free | Partition Type: NTFS

Computer Name: RILEY | User Name: Riley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.ini[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.ini [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.js [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_USERS\S-1-5-21-3219339476-703394672-256516966-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12F8803C-9C14-4542-A4DD-90048870B676}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1A6D53CC-C18F-4E48-9C56-BDC0009672EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C243283-5B1F-4D7A-81D9-161DB13CB520}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1DD15CFA-04C8-4AC9-8E88-3C6D669A2125}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{217727D2-8693-4A74-A44B-1045818B8338}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26F9A104-12F7-4D57-A3F5-27EBB1200836}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A08F358-96B2-486B-9B73-D19156496335}" = lport=3390 | protocol=6 | dir=in | app=system |
"{3B1F122A-55FC-4D5D-8B38-E0824010B432}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4FEA2C59-4A48-4825-9ADA-27C341331E89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51EC8864-D0F9-473C-8009-4BBFBC3C847D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{55129278-9506-4199-A8F9-F42EA59AE092}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BF7E86D-6CC9-4043-83BA-D08AE045CA67}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DE5CC73-5F03-4EA9-8B4A-3C7261021FF8}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62500959-6A5F-4C6D-AC09-5D938BB68468}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A576C59-3280-4FF2-BC1E-A42F8D0F79C2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C29380C-A11B-4E3E-950F-F4903012F79F}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C598DCB-65D2-4802-A019-0D5589B35A3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71037C4C-2F8F-46FA-B2DB-34AC7DEB0474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72BE9136-8B36-4EC6-80F6-F0EEC6C9592E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{771BB94E-BED7-47A5-8C7D-EC4E1376F754}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77F5F76D-3E25-47FF-B05C-EEA507B2F117}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{790B97F1-0C4A-404F-82E1-5D7CD2FF0FB5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EDFA171-E60E-46B4-9996-DA6374851D54}" = rport=137 | protocol=17 | dir=out | app=system |
"{816ED4E5-3E40-40E2-9FA2-27025971297F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87412384-AF20-4B65-B50B-0EBBEBE755A0}" = lport=10244 | protocol=6 | dir=in | app=system |
"{8751114A-ADBD-4E5E-B2EA-E9745281A6D0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{884F3877-5EF1-4667-A01A-5EF8277DDB1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{8CF4D44A-F10B-4897-A934-906E38B7C971}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8E831ECC-6AB3-4A1E-B577-AF2080CA1CBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8EF55585-88ED-4E60-9B47-7DE30C4DA187}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{91F95270-293A-4E65-A33D-33529D5B34EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{990627F4-8356-4391-BAF7-FBAEB539FF97}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A45AE1C-E6EA-4E5A-ADB1-30145295EE1D}" = rport=139 | protocol=6 | dir=out | app=system |
"{9F0B7611-C404-4837-B474-9085A4A031A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A57796AC-52CD-4806-B026-166A26C9DEEB}" = lport=7682 | protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe edge inspect\edgeinspect.exe |
"{A57DC4BB-671E-4C4D-8DA9-C7582C734266}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A6A28BE4-53CE-4340-85DC-31F215043010}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AB422DB7-48C9-40EB-8580-1F66EC07A6A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC655434-466E-4FBB-AE30-052DF5F9E067}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AD539CFB-83D7-44BC-AB67-11D47EDE6C57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4D0A77C-DB68-4CAF-BEF6-20E0B15F66C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{B81DD549-B59A-4C87-8EA4-5219AAD61903}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC9EA7F9-54BB-494D-966C-789638F296E6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEC67A64-A344-42F1-BBE2-8A3CF177998B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1EEF93D-D2DC-43A3-B294-8EA1B63F925D}" = lport=17584 | protocol=6 | dir=in | app=n:\my media\other\programs\pspdisp\bin\app\pspdisp.exe |
"{D2D3183D-1C4C-4798-9E07-A6DBAA70B99F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D7D8E885-15D4-4CCF-ACA2-0911ADB075A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DC2C0D65-660A-4DE7-9617-13CF719BFF36}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDFB0500-0CAB-4D8A-8E6F-AC3B35B699CE}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E08EE3AE-5DA2-4F64-B07E-A26BDB07776A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E134FC05-0B44-4A6E-85B2-5F6416362628}" = lport=3390 | protocol=6 | dir=in | app=system |
"{E540C6C7-2717-4983-8F64-6E1894A88D42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E90BBB7A-B45D-4516-A54D-0824BEF312A6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E976BAEC-4649-403C-9931-EF28FCBEC001}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBEBE5DF-73AF-4788-B014-3C5FF6748F85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDCAEC2A-08A7-440D-88B7-89BF4477EB6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFCDF4E5-E48D-4B97-87D2-47E903EE8521}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F010A6A2-7AC1-4F7B-BDC3-53146A2B5D52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F567B6BF-FE82-41FA-8233-A14562E131BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{F73D9314-E8C3-4DC4-B083-6166EAD861D7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8FD0C48-784C-4428-BD3F-94F7CB6BF221}" = lport=137 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0025F894-7A7A-4B5A-95F6-10EB29D2335C}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{01167F74-0E93-4ECF-BC57-1ADFC5D3F7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{03126D28-BC62-4078-925B-F0DF925532F1}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{03FFB8C6-3B9E-4A12-B663-EF28B5370F3D}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\beat hazard\runme.exe |
"{049C48A2-421B-4D61-885A-17949C84EC57}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\riven\riven.exe |
"{04BFC13A-8D35-4C8A-A856-1DCC132AE36F}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fear ultimate shooter edition\fearxp2\fearxp2.exe |
"{057D522B-FB17-423E-8C74-45E568EFF3E5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{05B2614D-D93D-49F7-9F66-52DF92AF81DD}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\vertex dispenser demo\vertex dispenser demo.exe |
"{05D57050-8C9B-46E5-9625-7620219AF303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{071A86C9-0EC0-4B27-87C5-1E75AEBE95CE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{093108D2-20AE-4A12-B3A6-842689609280}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{09ADD63B-7101-4F7C-838B-BD2349F31CBE}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{09D41027-9A86-49EE-930A-D8F5693796E4}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fear ultimate shooter edition\fear.exe |
"{0C3B51BC-3420-4568-A8E5-D6D56DBAE36C}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\ben there, dan that!\winsetup.exe |
"{0D4A3776-0551-46D3-8C3E-97ED77AAD6EB}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\portal 2\portal2.exe |
"{0D9ACA52-618A-46C4-BF22-15F1F9CF1A0E}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\portal 2\portal2.exe |
"{0FAB6157-7133-44B7-BFDD-E3062FD5F1B0}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\peggle deluxe\peggle.exe |
"{107BE817-F72B-4A25-9638-D276E2D7FDB5}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dead space\dead space.exe |
"{114CD5CC-DA96-486A-B671-E92172808411}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\galcon fusion\galconfusion.exe |
"{1163BF6D-3ADC-459E-A0C5-8EBFE26A750A}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{116B214C-3EC4-42FB-86DE-1AF2998E8C27}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien swarm\srcds.exe |
"{11A1ADC7-B18F-4C12-A1A6-262BAE9367F7}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{1201D542-7B0B-484F-9C84-31CA57216266}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\time gentlemen, please!\winsetup.exe |
"{12D389AF-A2A3-42D6-AAA8-2493E2ACDBAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{12D3C100-4D9E-4450-9DA8-D57C38523655}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fear ultimate shooter edition\fearxp\fearxp.exe |
"{139BA305-B013-4C71-8F1D-6C265EFA8EB5}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\vertex dispenser demo\vertex dispenser demo.exe |
"{14CDADCA-668F-480D-8353-723F09676E52}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1586C2DE-5C30-4725-981D-2C29CD5FC6A1}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bit.trip runner\runner.exe |
"{168EA36A-BBD2-4363-8457-052CE7C275D5}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{1724C60D-4A65-4658-8FFE-5D247EF3A557}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bastion\bastion.exe |
"{1757AABF-4581-4531-BE69-E932C8DF3E92}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{17BF6C76-055A-48F4-BD46-E37B7EE630C4}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{17CF5092-AA8F-4A92-93C0-7048525F1EAA}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\ai war fleet command\aiwar.exe |
"{1941232F-FA15-43B1-A5D6-C6F22EA27057}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{1949DD51-7629-45A3-B512-9E2D03EAD00B}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\machinarium\machinarium.exe |
"{195883D2-3E24-42AB-BC97-BEF80152D513}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{1A3AD000-7D3A-418D-ADB3-924D8E0DD031}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\thepolynomial\polynomial.exe |
"{1BE42EB6-762B-43C2-AC52-840AC598CCF9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1BF9D68B-AA22-42F8-A7AD-EBC3C636A677}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\beat hazard\runme.exe |
"{1C0DCCFD-550E-4042-BE9D-64CD098473E8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{1D1D4462-00DC-4A85-B55D-AF0E12FB0C26}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\time gentlemen, please!\tgp.exe |
"{1EF114A8-E30F-4CB8-96FA-0D821579B1E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1F05F189-F195-49F4-B3EF-D5EB2E5B90FA}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{1F308E5A-71CD-41DA-AD3A-7F58E6D54368}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{1FB29C98-E5EA-4A79-AB2B-64DF530A4B00}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe |
"{206ADF0D-15B4-4113-8DFB-62293A3B0275}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{20A8D40B-4227-41B0-8FB2-7C1D9497B79B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{20E4821F-151F-4466-9B21-98AD7D920DD4}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{21B4F949-3663-4810-8CB4-A8ED567ECDBE}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\beyond good and evil\checkapplication.exe |
"{21F308A0-8794-4C78-BD3E-CB1549096D24}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{21F82B06-0E89-4166-86C9-D7F3475108A3}" = dir=in | app=n:\my media\other\programs\vlc setup helper\vlc setup helper.exe |
"{23C6B76F-01EF-4C2A-95E4-3BF08AD2D642}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{25B841CA-0177-42FD-95AE-118BED2AE0E5}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fear ultimate shooter edition\fearxp\fearxp.exe |
"{25F9E5DC-EB44-4987-88FE-D9F560671D24}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{26DE95CA-800D-43CE-9A9F-9490C984FD24}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\ben there, dan that!\btdt.exe |
"{275BAF7F-B9C4-4211-8BA4-58126D65357A}" = protocol=17 | dir=in | app=n:\my media\other\programs\vlc streamer\vlc streamer configuration.exe |
"{275D2419-137D-4E28-A846-F20AA013B0C1}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\portal 2\bin\sdklauncher.exe |
"{2884CDD1-F23B-424A-80E1-F56CAA3CBF4B}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\hacker evolution untold - demo\hacker evolution untold.exe |
"{294BB660-F32F-4460-A3E7-2E8B9C567A33}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\manhole\manhole.exe |
"{2B47705F-120D-4CDF-B983-14A66B6D2E1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B9BBC13-A899-4B03-BC51-F67AA514BBFC}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien swarm\swarm.exe |
"{2D818E08-12A8-4C6A-9678-C19E46A2F390}" = protocol=6 | dir=in | app=n:\my media\other\programs\vlc streamer\mdnsresponder.exe |
"{2DFA94F9-A87E-4995-9066-71FB8D1DC64E}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\risk factions demo\risk factions.exe |
"{2E62F141-75CF-4215-8128-049ED84A2A80}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{2E830189-B43F-4482-9F47-D53A409B28EE}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\ai war fleet command\aiwar.exe |
"{2F1D2E41-8593-4534-83E4-4517B01C9CD3}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{2F1D9A3E-AEDD-478C-A8C0-4AD754A582F1}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\oddworld abes exoddus\exoddus.exe |
"{2F21E4F7-4178-4989-A75F-D4943CE54ECC}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{2F42EA0C-CE4D-43EF-926A-3162D22EDB37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2FABD2E3-DA76-49D6-A23A-3D3D2367F89B}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fear ultimate shooter edition\fear.exe |
"{305F595C-A1B5-4372-A6CD-2D1F007B8872}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{30A37521-A687-48EB-9556-7326DCB0C647}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe |
"{31E59F4D-9E2F-41B2-A201-4CDC287D2938}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{32470017-7ED8-402C-A317-137AABF7C99D}" = protocol=17 | dir=in | app=c:\users\riley\appdata\local\akamai\netsession_win.exe |
"{33293D90-BF4B-49B4-905A-509E5FA9042A}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\edge\edge.exe |
"{33C250E1-1F60-4FA9-93EA-402D2A192ACC}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{34119405-F192-462F-AAB9-C46575CC6760}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\mightier\mightier.exe |
"{34387DBB-83E3-4810-BE05-3962973CDCE5}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\chessmaster grandmaster edition\gu.exe |
"{34DED3DB-EF99-4B1C-8B24-DA2C59C99176}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3626BC40-2C69-4638-82A1-82FE8603A701}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\spacechem\spacechem.exe |
"{37719162-022B-4C36-9FC4-CA27129817F2}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{3A1C8636-643B-4BB7-8BD1-4FA82C228CBF}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dirt 3\dirt3.exe |
"{3A3875DA-390C-4035-90F1-AF787EC7EAEE}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\real myst\realmystsetup.exe |
"{3A890207-AF62-425C-8E14-13C2B113841D}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{3ABDDF50-A725-4D18-986B-C87CD94DD8B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B10F147-BA77-4796-BECB-780AF6C6620A}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\real myst\realmystsetup.exe |
"{3D418EA4-9B03-4664-B27A-9ED448395247}" = protocol=6 | dir=in | app=c:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe |
"{3DD10797-3801-4D73-ABB2-D86945B948EB}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{3E98F0C7-CC7C-43A1-B728-B29B2B18AE25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{3EB655E2-3AB2-499F-8776-E1533C2FBD54}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\cosmic osmo\cosmic osmo.exe |
"{3EC6FEEF-94B3-40DE-86E0-FAD6E9D528A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F8E3543-6863-402C-AF4B-E4D8F58572AA}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{41EAD334-B89C-4C96-B14D-BB77C07DA2C3}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{41FEE5FE-7F6E-4FF1-9D4C-53BD9CB1F902}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{427783F9-88A3-4D1C-A724-8DB2F29B9715}" = protocol=6 | dir=in | app=n:\my media\other\games\starcraft ii\starcraft ii.exe |
"{42E7AF04-EB5B-436A-9CDD-413C33328C18}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
"{436DD414-3EB0-48CB-B390-6307D8BC196E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{45036656-1790-4B96-9F90-539C9490051A}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{461A9975-BA70-4329-9635-2876F8D23D32}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4731BBAD-2784-4E1B-B1A6-CB4FAD3B0252}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{47E77C1E-4235-4FC2-9C54-765649A2D27E}" = protocol=6 | dir=in | app=n:\my media\other\programs\vlc streamer\mdnsresponder.exe |
"{482B6AC1-31E2-484E-B28F-0DD6B0133AE1}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{484E84CB-7F61-4FD3-B70F-C6EF244ED67D}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\shatter\shattersettingseditor.exe |
"{4949535D-8E6B-44B8-B2FF-C2D279192946}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\insideastarfilledsky\starfilledsky.exe |
"{4A37BC56-B502-4182-9FA4-B34474678067}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4AE2C5CB-ED15-4E34-846A-03F761B79220}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\real myst\realmyst.exe |
"{4BC46957-4323-4B3B-B3A7-164789FFA885}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dead space\dead space.exe |
"{4C815495-BA6E-487A-8955-1ECAC462CA2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4F89E0DC-58D3-48B4-BBEC-D7186BF753E3}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dc universe online\launchpad.exe |
"{4FB41E01-D7C8-4332-8505-9846BB9FE69D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4FCE9F87-5F1D-4C6E-882F-BEF034460B59}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\beat hazard\beathazard.exe |
"{4FE20C75-EBCD-4538-82D2-D2AFD74F8F2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{502356AC-5078-4217-89BD-87D2F0DF1F93}" = protocol=6 | dir=in | app=n:\workspace\xampp\xampp-control.exe |
"{50C179B2-30F8-473E-98C3-0B8C6F13BB9F}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\riven\riven.exe |
"{516B5A41-3F25-46D0-ADA8-B3B0D5BB398C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{5194D1FE-B165-4FCF-8C43-DE8460A8B4FB}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{51CAEC52-4663-4D7B-9D40-83E6427B5864}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bastion\bastion.exe |
"{524BA2FF-E6A0-4423-8F70-0A84A07BE9C2}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sam and max episode 4\sammax104.exe |
"{524D4DF8-E2A4-4D9E-8278-A10023F35C56}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{536A0FDD-7B56-4921-8675-5A17CF6035B2}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\chime\chime.exe |
"{53BC47B1-FCA5-4BC7-A063-6411840CC889}" = protocol=6 | dir=in | app=n:\my media\other\programs\vlc streamer\vlc streamer configuration.exe |
"{565F1939-66E2-4A5D-BD4C-7922EE3ECF9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56BA3228-B833-4D7D-9668-A4C70AC3B814}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{56E676DA-5468-4157-B15A-C5E91187DD9E}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto 2\gta2.exe |
"{56FCA9CE-32C0-49E1-8647-3E4544A9728B}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\manhole\manhole.exe |
"{573C348F-0A16-4613-97E0-D9A18F54CA66}" = protocol=6 | dir=in | app=n:\my media\other\programs\vlc streamer\vlc streamer configuration.exe |
"{5820AF0D-7E60-4FB4-BBB3-86A5CFFE4F69}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fear2\fear2.exe |
"{58443BD5-9C8B-4EFB-AA52-CD1A3E831622}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien swarm\swarm.exe |
"{58F2B148-4527-4E97-8C2C-5FCCFAD48D43}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\insideastarfilledsky\starfilledsky.exe |
"{59ADE0DF-D012-4E65-A90C-356D13001BA0}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto 2\gta2.exe |
"{5A55BB54-43BA-44CB-8742-469FD8242F71}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\myst masterpiece\myst.exe |
"{5AFD13A3-E371-4C73-86EA-D1F2D180DC27}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B45D326-4CF0-4114-A159-9C998B8268EA}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5BD0D3B0-BF86-4002-9DBF-DAA4F57562E0}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\beyond good and evil\checkapplication.exe |
"{5C392A92-F9C9-40A0-BA6B-B022C644750D}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{5CF37D05-07B5-468E-A3C9-C3F58784907B}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\spelunx\spelunx.exe |
"{5D57A95D-1E79-41E6-A5D0-B11457C4223C}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5EA78788-7C48-474E-A295-E1349030B61B}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\trine\trine_launcher.exe |
"{5F6091A6-EDF8-40DE-AE19-ED1B310E51AE}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{60A78219-AB08-4251-8C47-EDB3576711AD}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\time gentlemen, please!\winsetup.exe |
"{614BD6F4-EB69-45B5-919C-15A12F1953C5}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\oddworld abes oddysee\abewin.exe |
"{621171B5-70BA-4CA7-87EB-64ADDB266632}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{623FF550-406D-4351-A4C6-454E3FA4D8D5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{62E63E0F-560A-4D03-86F7-F97C5D98809C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{62F55959-1BB5-4B90-BAF7-B3DFE74D658F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{6327AC66-47A1-4E7C-A104-B26FA087FA2E}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\time gentlemen, please!\tgp.exe |
"{6341B669-B276-4F40-9CC1-07DAE77E44E4}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\hacker evolution untold - demo\hacker evolution untold.exe |
"{637637E5-FBEB-4BC3-8F06-57C56A7687A3}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\chessmaster grandmaster edition\gu.exe |
"{64AB1296-3DCE-4150-9F59-AB3E59E42880}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{64EA5156-0624-4C7C-B21A-E92FBF2E3848}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe |
"{67A45F29-8053-4073-8AC1-F5E100057BD9}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\edge\edge.exe |
"{67D7B84D-2FFB-4706-86E8-4D38C8F116F2}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{67DE12FA-4281-4B12-9B9F-44A680F0CB4E}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\thepolynomial\polynomial.exe |
"{68B3BB5F-C032-4D70-8B7B-09F6D9C15770}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\supermnc\uberlauncher.exe |
"{68F9D507-C240-49AC-81EA-97BEAE096DDE}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{68FB69E7-19A1-44A6-AB0E-98D6C3BCC300}" = protocol=6 | dir=in | app=c:\users\riley\appdata\local\akamai\netsession_win.exe |
"{6933C5E9-4508-4166-A740-A340CCBBC19A}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien swarm\swarm.exe |
"{6A431BE8-AECD-4F63-8863-1299D94A5717}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien swarm\srcds.exe |
"{6B236F7B-5ED3-4F4F-B46F-6D72C0CB666B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{6B5BBB05-3118-43CC-9F75-F703FEC8BEE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{6B7DC106-9C79-4535-A3F8-F50FE0E95E5A}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\real myst\realmyst.exe |
"{6B8BB03D-1DF0-4CD8-94C4-61BB283AEA1F}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\world of goo\worldofgoo.exe |
"{6DA3E114-B4A2-4E16-A32A-B2173197927B}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\spelunx\spelunx.exe |
"{6DDC8513-F1D7-4D4B-9240-8369C9503061}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E8E4EC5-BA71-40BE-BDE9-F9FFED63B7DB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{6F27264B-B80B-48F4-AD69-A31C2E87F8E0}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{701D77C1-4B3F-4BAF-9C7A-0BEFD79197F1}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\rush\rush.exe |
"{70D7B82D-E4EB-4F8F-96CD-6EF5FB057586}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\the final hours of portal 2\thefinalhoursofportal2.exe |
"{713827E2-B6D9-4B11-B2B9-E9B5E464047E}" = dir=in | app=n:\my media\other\programs\vlc setup helper\mdnsresponder.exe |
"{722F5214-1108-4EF5-8EB9-670844A7D635}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bit.trip runner\runner.exe |
"{72756393-7A18-40BC-AAE5-34FE62101004}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{736671D8-C0A5-46A4-B792-52107B618072}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\samorost 2\samorost2.exe |
"{7418743C-13A5-4A24-AB09-F4B2F5973AEC}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dc universe online\launchpad.exe |
"{74794D6D-F41C-48B7-A6F7-563221FD3EA2}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{76430692-8A63-404F-8C71-EF1440FE0E2F}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\cosmic osmo\cosmic osmo.exe |
"{766FFDE2-9A22-46F2-B449-EF3C75A731A4}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\risk factions demo\risk factions.exe |
"{76A8F66C-CD99-45D6-A3FB-1217470E9255}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{76B3D31C-BC22-4DBA-BDBD-D7622E86DA90}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{76B955C6-8698-4007-AB11-9D675ECD088E}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{78FB4BD0-0724-4F2B-9C85-7F544EB28BD7}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\duke nukem forever demo\system\dukeforeverdemo.exe |
"{79231F54-B810-424C-A285-A628F8A153DF}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\uru cc\uruexplorer.exe |
"{7B82CBBB-A148-4623-B535-BCB04677E121}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fear ultimate shooter edition\fearxp2\fearxp2.exe |
"{7C0EDF16-19D7-4123-BABE-084A0B602589}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{7CEB3128-BEF7-4B7B-868C-6235942F5242}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\edge\edge.exe |
"{7DA8FCAD-70C0-457C-99E7-403323C4EA35}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sam and max episode 4\sammax104.exe |
"{7E2E61B4-5D5C-47A1-B1FD-719F101B5D20}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{7F316674-7E3C-4573-9997-4564E0C99C86}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{7FCBADB7-9721-4ACB-B58D-07583299B9C9}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{8065E10A-52DC-4833-B82A-228B7EBC1760}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien swarm\srcds.exe |
"{81B083D4-5970-4F85-BD4D-F10F7969001A}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{82318856-B7C5-49E2-B93E-2A5059C65BB1}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{8238357B-27E5-44B9-96D2-40FBAABE0611}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe |
"{823F5548-D234-4B37-AEE9-288609F45C1C}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dead space 2\deadspace2.exe |
"{82E380D3-00D5-4EA0-8577-B05189BDC6B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{838B49E5-E635-4706-91FC-94E37A6FF70E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{84C83A64-43A7-4730-87BE-0F9183E68F9E}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\rush\rush.exe |
"{854705C8-2487-42A0-BEF1-69FC8D53A210}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{859CF96A-69A8-4239-B935-31102E98DF8B}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\duke nukem forever demo\system\dukeforeverdemo.exe |
"{86763EAF-88F1-4E26-914C-6E003C150ECB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8819ED7C-8070-4746-ACE9-5C9A80160617}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\trauma\trauma.exe |
"{8902682C-5F05-4BA1-A365-85CE834C2EA0}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\ben there, dan that!\winsetup.exe |
"{8AAB229F-82D7-4D25-9FE9-F24D71D36E95}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{8ABB71DE-1939-4232-874E-E7636969D70B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B3F796D-8DE6-4857-82AB-19BFA3C21B08}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{8C8D35BB-DA18-442D-B5D0-64BBCFA854BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CA98693-C4BE-4BBF-8EF9-11E4238875C3}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{8D1FC069-B287-45B9-95F7-90ACB53801DA}" = protocol=6 | dir=in | app=c:\users\riley\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8F75CFA0-4995-445F-9903-07CADB97CF76}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{9092E13A-7E0C-442E-9E32-1C06BF3A4A00}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{91981309-4323-4218-8022-949D5A4D5A93}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\samorost 2\samorost2.exe |
"{92B4AE27-F06B-4648-B4FE-EDA2EBD95B47}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{92C2FC6A-8BAA-4D79-AD43-E0B49BD5657B}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{92CBD53B-DCA0-49EE-BD23-7A843E818B05}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\chime\chime.exe |
"{93C743F6-5A54-45E3-AFFA-15B824F50D28}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman2\runlauncher.bat |
"{94A4A567-C9FD-4C5A-A5E5-C37BA7C8E2E2}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\portal 2\portal2.exe |
"{967AFEB4-C955-43EA-88C6-2130479EF553}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{96AF2C33-80FE-4A2E-9614-A2F9180A4A02}" = protocol=17 | dir=in | app=n:\workspace\xampp\xampp-control.exe |
"{9818A431-279E-41D7-9792-3A3E876DDB95}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{981E7709-06F9-4D07-A347-0B465DCAF553}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{99B4E1D0-740D-4C3D-8DBF-7E8E42709BE2}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{99CC5E76-F10E-45E2-9437-3FCC9B3C86D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{9ACEDB3F-C8B2-459A-B328-0055CF5E1D15}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{9C649582-2481-482B-A8E2-A814375F5834}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{9D49B5EB-0CC8-444B-A8F5-5C6AAA202A08}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\shatter\shattersettingseditor.exe |
"{9DB0C933-2B9A-46F3-A61F-6746635B8255}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\world of goo\worldofgoo.exe |
"{9F4952AE-EF59-4AF1-8B99-1BDE34E08BD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A01BAD3F-54C0-4A4C-A5D5-012AF857E29D}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{A2E61CB3-0065-4CAE-9808-037CAAEE4C43}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\monkey2\monkey2.exe |
"{A482962A-B7DA-4489-99EE-429FFD2BCF6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{A547456A-DC36-4BCC-809A-08A46201CDD0}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\super meat boy trailer 2\smp.exe |
"{A5B9D258-10D8-4528-9677-2EF0F46D3FA5}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\portal 2\bin\sdklauncher.exe |
"{A7603FCD-B341-4826-9E4E-42311E30A9F3}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{A80AA68D-B1A1-4ADB-B2CA-DC38CBB51CAB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA1C7DDE-6DB9-4E0E-B788-03C5D617F8D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA32A92D-B85D-4ECF-AC9A-9E00474FE0A0}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe |
"{AB783CED-7576-4265-8C55-08BFD37A3F9D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AB8DE658-1031-4C03-8592-81D0604DB545}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{ABFE97E6-71F9-45FA-B7F5-0BF5DB343B6D}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\portal 2\bin\sdklauncher.exe |
"{AC4172AB-FDE5-4A16-8BF0-88652D275834}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{ACB1B3DF-9776-4D96-BB0D-097A40C81CB8}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{AD52DCF1-1555-42E0-ABD6-959ECD42FB63}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{AD94B491-80CF-4593-83B4-E23F22D77ED5}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{ADB979FB-1CAE-409F-9C77-738B91067E73}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{B21BC17C-98AF-4D5C-84D2-A29C3301AB6C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B2D8124C-6CB0-4948-B185-365768FDEEEA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B3404A41-09C4-403F-9095-D415502171D7}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{B763FA82-4E8D-437B-BC4A-24F5173BA0BE}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{B8A96641-0BFC-4012-9C1B-18B48D835F6F}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\portal 2\portal2.exe |
"{B9C0542A-6081-475C-BED7-F73662588C3A}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{B9DBA4A2-C71E-432E-9463-4DE65D66E10C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{BA9D717E-8D69-43E6-BAB1-0A6D16B521B3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB0BD49D-F47F-4012-85AE-DAE4DF8BDB19}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien swarm\swarm.exe |
"{BC443764-D971-459B-A890-151090AD3FFC}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{BCDF279A-1705-463C-8062-FCFE6F848DD3}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\myst masterpiece\myst.exe |
"{BE8F825C-CB1B-4430-B573-46D816FAFB45}" = protocol=17 | dir=in | app=n:\my media\other\programs\vlc streamer\vlc streamer configuration.exe |
"{BF3569FF-044D-4994-83EC-64F9F4BF0DC9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{C0945438-0C94-4985-882B-1C3B0691C42F}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\beat hazard\beathazard.exe |
"{C1163116-9A57-4824-B364-295FFC862BDD}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dead space 2\support\ea help\electronic_arts_technical_support.htm |
"{C121CD12-DE29-47E8-9C05-E4266B973D65}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fear2\fear2.exe |
"{C19A33C2-2E74-4714-A4DB-C89C49329B0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3FF2C16-1E08-4096-A9B5-68D9B1977F54}" = protocol=17 | dir=in | app=c:\users\riley\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C4397E01-FCCB-4429-B866-9FACAEA28156}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C5F1D456-202D-4535-A53C-401ABD4F2B46}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dirt 3\dirt3.exe |
"{C600FCE7-18EA-42F6-B33D-B1B26758502F}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\oddworld abes oddysee\abewin.exe |
"{C6B21A2C-12CF-4F6B-9654-E96ADCDAD362}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C7388170-3654-4B58-86EA-56207F000A0B}" = protocol=6 | dir=out | app=system |
"{C74F9DE8-7D1D-46DA-8A12-525790CDAD1E}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{C76F1B5F-FDE8-445A-A61C-7FAD1FA8C12E}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman2\runlauncher.bat |
"{C8E0F167-5FC5-4C48-95C7-4F42E2379691}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\toki tori\tokitori.exe |
"{C9B01D46-6081-46B7-8C07-D9BB57E51723}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{CA175EAA-7EE0-4D44-8596-2B9C21F467E3}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{CA840E10-38AE-4C6E-ADB4-3513466EC86A}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{CA9E89EB-B880-4AD3-98BA-65F597A63B3B}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dead space 2\deadspace2.exe |
"{CA9EFB9D-5B3B-4E76-953A-D23CA9695BE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{CB5966FE-7974-46BF-ACE6-0B364B2469E9}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\portal 2\bin\sdklauncher.exe |
"{CBFB1833-FBAA-4DE5-940D-FE13CA1D0EBF}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\world of goo\worldofgoo.exe |
"{CC40C0F2-D4B3-4228-95E8-0C5CAD3501DB}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\spacechem\spacechem.exe |
"{CD81FA87-DF11-4B0B-9D9A-62BE80BD61A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE003469-D8B4-4ADB-806F-30EEACF09014}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{CE5E534C-6254-4A6A-B7C1-5DB7781B7453}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien swarm\srcds.exe |
"{CEFA2394-4C5B-4091-BDBA-5FDEE98779D5}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{D2396486-53AF-4C7A-8CDC-D70C6379F2B9}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\edge\edge.exe |
"{D3E8DB32-680B-4F91-9A40-653EBB049E27}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D437B6F5-2721-4DAF-ADBB-C65B6C73F995}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D44E3DD1-F4EC-454B-9509-41C628EBF9B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D54AF9E8-3408-4B43-9710-BE3EE4BFE993}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\super meat boy trailer 2\smp.exe |
"{D558FC6A-40D2-4408-B3D7-C0C24E83FD42}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{D6D3A6F4-2D7E-4CB3-989D-F1233047B78A}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe |
"{D70933C4-6665-4593-AE94-1B10BD4FC2FF}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
"{D8060DC5-72C0-4A91-BBD6-964A2164C653}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D80F15B7-9905-401C-B083-9EF43BE82624}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D85C9DE1-213F-4317-ADF4-2F097DEA3E9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{D8C31837-B871-46A0-8E76-02DB03993508}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\toki tori\tokitori.exe |
"{D9B83C62-237C-4F33-8550-0F3648243341}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\psychonauts\psychonauts.exe |
"{DBD1C5D0-E853-40A1-879B-D3C8E4B01BCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC9C937F-7809-44EB-A275-E147DB630AFE}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DDC08A62-FFA2-43BC-937C-5B69F8CF2F6A}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\hacker evolution untold - demo\hacker evolution untold.exe |
"{E03D7D65-1AAB-47C5-99D4-6336A0D9C9D1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E0A9FCC8-8229-446D-AE60-B44E2663C8D5}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\uru cc\uruexplorer.exe |
"{E153C258-5BC7-4A33-BA19-366374A90969}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\swarm arena demo\swarm.exe |
"{E205389F-AFFC-4725-8383-4EE036A28DF1}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{E20AC28C-1A06-4150-9394-4CD459460C79}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\trauma\trauma.exe |
"{E35A4D13-1CE5-433B-A0EE-4755BA6CB1D6}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\galcon fusion\galconfusion.exe |
"{E4A891AE-C77D-4C83-BC3C-7B7B2E197D1C}" = protocol=17 | dir=in | app=n:\my media\other\games\starcraft ii\starcraft ii.exe |
"{E4CB72DD-819D-44E9-9DC4-4DDAA170ADC3}" = protocol=17 | dir=in | app=n:\my media\other\programs\vlc streamer\mdnsresponder.exe |
"{E544C254-B7CD-4491-9EF4-8A63CBD2E634}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\psychonauts\psychonauts.exe |
"{E5ADCA46-F0AC-4985-B19B-C5CD49DAA95D}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\machinarium\machinarium.exe |
"{E5D3565C-1B5D-4CB1-AAE1-127E32A8E3BA}" = dir=in | app=c:\users\riley\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E634607C-5213-4EE7-BC53-2D7E1964E2D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{E67D4575-0D77-4F8D-ABBF-81A41121C312}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{E6FB11B4-5B29-468A-88EE-B35E6812D886}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{E70F78BD-A2FC-4BDC-ABDF-25DB401F61C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{E906D013-9802-460E-9D0A-5756828E8DF5}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\peggle deluxe\peggle.exe |
"{E94B9A61-397F-46C5-963E-E946520D26C9}" = protocol=17 | dir=in | app=n:\my media\other\programs\vlc streamer\mdnsresponder.exe |
"{E9C68C5B-2891-49DA-9AEC-7B1A1363A8C3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{EB636F33-877C-4360-B3D0-B801873F5285}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{EB889D25-90B4-4EFA-BABF-30AEF1A8732B}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\hacker evolution untold - demo\hacker evolution untold.exe |
"{EC0D022A-7868-4073-AE49-006BAA804143}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\world of goo\worldofgoo.exe |
"{EE4DC1B9-2F15-4AEB-8EDC-D00F6057102B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{EEACC063-94E5-4FBA-82F1-7A3F1687D175}" = protocol=17 | dir=in | app=c:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe |
"{EF6E64C4-3AB8-4E83-92C3-AD1281D82B1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F17EC576-6F08-4931-BB86-AD386E316255}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\sid meier's civilization v - demo\civilizationv.exe |
"{F19EC8EE-290C-43BC-8E63-4E635B0AE710}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\monkey2\monkey2.exe |
"{F2591C20-8BDB-4666-AD7C-001B9A3DBA76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F25B56F0-8A9B-4827-9288-125C416B77D2}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{F282E4EA-1A04-49D9-ACCB-3137E89F5C7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F34DE5F8-8446-4A0F-9A34-730F46CA3E41}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{F5E9A4D6-0863-499C-BA55-B1B036632211}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\ben there, dan that!\btdt.exe |
"{F67C98B5-1FA9-4714-8275-0BCEDFE8412A}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\trine\trine_launcher.exe |
"{F6F52600-953A-4ED0-8E41-E32CBFEE6F19}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{F79A2F57-FC0D-40A8-8365-487AE0853795}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F7EC59E1-CCE4-4DB8-B378-FBBA5E885574}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F83363D0-CFA1-4AA4-9E94-A6FA60E6CCA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F90ABE97-073E-4BEC-B510-EAC28A18E5CF}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\oddworld abes exoddus\exoddus.exe |
"{F9BCC4EB-CECA-485E-AA5A-6128AA35AA8F}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\mightier\mightier.exe |
"{FA67C553-A0B5-4679-9BB4-034FC7D05576}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{FB95257F-C43A-40BE-A00F-50C72BCB0732}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{FBDF4A33-BB7B-44C4-AB11-E8EFAE873833}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\swarm arena demo\swarm.exe |
"{FC6BA0F1-22A6-494E-8243-965ACF7A04F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{FCC9F98F-E215-4BBB-AB81-8A1EF3C4FD14}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCEFE15F-6E80-43F5-B7E9-7BBAFDCCFFA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{FDFF3505-8B67-480B-80DC-58EE1FF576A9}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{FE258A95-C8E1-4140-A8D7-1C980E476A76}" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{FF393F01-A698-4F4A-818E-C47B758DDD0F}" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\supermnc\uberlauncher.exe |
"TCP Query User{090B4422-F351-4684-BD7A-A5DDC26F4641}N:\workspace\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=n:\workspace\xampp\apache\bin\httpd.exe |
"TCP Query User{0F7A2D52-3A46-4F7D-BCF4-E6FABA608AFA}N:\my media\other\programs\binaries\win32\udkmobile.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\binaries\win32\udkmobile.exe |
"TCP Query User{108FF715-C804-4B88-83CF-4C54C62FE5AB}N:\my media\other\programs\mirc\mirc.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\mirc\mirc.exe |
"TCP Query User{1196EAD6-1EBF-4DAE-B3F8-7E09E176609F}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{1CCFFA4B-1412-4DD2-A2A8-25958EA4F060}C:\program files (x86)\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tixati\tixati.exe |
"TCP Query User{1D107803-94EB-4316-AC8E-F38085379D20}C:\users\riley\appdata\local\livereload\bundled\node-0.8.12\livereloadnodejs.exe" = protocol=6 | dir=in | app=c:\users\riley\appdata\local\livereload\bundled\node-0.8.12\livereloadnodejs.exe |
"TCP Query User{1D906096-EB20-4C53-B11E-DBF601748F41}N:\my media\other\programs\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{1E2541FD-D149-4624-B122-E48EBBC18173}C:\program files\bitnami djangostack\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\bitnami djangostack\apache2\bin\httpd.exe |
"TCP Query User{1E6CC6AD-E860-4875-98E9-BB9DFC0B06BF}N:\my media\other\programs\tixati\tixati.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\tixati\tixati.exe |
"TCP Query User{27E4DB14-0C80-4355-B3FC-2380180DDB2C}N:\my media\other\games\proun\proun.exe" = protocol=6 | dir=in | app=n:\my media\other\games\proun\proun.exe |
"TCP Query User{331CEC67-FA3F-470E-B88A-2A3B6E83D09F}N:\my media\other\programs\steam\steamapps\common\chessmaster grandmaster edition\game.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\chessmaster grandmaster edition\game.exe |
"TCP Query User{3EA77CD8-0D4F-4346-970F-EE6FB3939854}C:\users\riley\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\riley\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{3F00E990-1A24-4379-AC35-0DE697C8DEDE}C:\users\riley\appdata\roaming\talk.to\host\talk.to.exe" = protocol=6 | dir=in | app=c:\users\riley\appdata\roaming\talk.to\host\talk.to.exe |
"TCP Query User{439D55D5-0E7F-4656-B6DA-598CDA339CC3}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{44E68EC4-60B3-49A7-812F-E8516DF2F3D0}N:\my media\other\programs\editor\unity.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\editor\unity.exe |
"TCP Query User{45B98496-299F-41C3-9EB2-62838441B3D0}N:\my media\other\programs\binaries\win64\udk.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\binaries\win64\udk.exe |
"TCP Query User{5170178E-0515-441F-BB6D-5EC1160D0446}C:\program files (x86)\duty calls\binaries\win32\dutycalls.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duty calls\binaries\win32\dutycalls.exe |
"TCP Query User{5275EB62-AB72-4464-875E-0FF9F2EC5FB3}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{59387E76-56AC-4AEF-97EC-E2442662E394}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{5A40ED17-AF2E-46A9-984E-D814ED475A2C}N:\my media\other\programs\comicrack\comicrack.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\comicrack\comicrack.exe |
"TCP Query User{5B581C06-A5C9-49E5-A8BA-61C1F7499948}G:\tixati_portable\tixati_windows.exe" = protocol=6 | dir=in | app=g:\tixati_portable\tixati_windows.exe |
"TCP Query User{6367B551-7117-491A-8BB8-8DB57B6204D3}C:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{68477B9D-84D5-4E87-9339-CC822616E029}E:\tixati_portable\tixati_windows.exe" = protocol=6 | dir=in | app=e:\tixati_portable\tixati_windows.exe |
"TCP Query User{6CEE9846-17BB-47C2-857F-550E45EA936D}N:\my media\other\programs\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{85726C68-2B47-4BDB-8223-47C6CCF9325E}N:\my media\other\programs\unity\editor\unity.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\unity\editor\unity.exe |
"TCP Query User{863089EB-50B9-43EA-A4C0-ECB8ADBDF443}N:\my media\other\programs\steam\steamapps\common\batman2\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"TCP Query User{8FFCD299-F010-4596-A2CB-5CF796A41B1B}N:\my media\other\games\starcraft\starcraft.exe" = protocol=6 | dir=in | app=n:\my media\other\games\starcraft\starcraft.exe |
"TCP Query User{914BE8D5-5CBF-44C4-84DD-A47F33FF55F5}C:\users\riley\appdata\local\livereload\app\resources\node.exe" = protocol=6 | dir=in | app=c:\users\riley\appdata\local\livereload\app\resources\node.exe |
"TCP Query User{937B1576-5D83-4BF5-9455-1CD868A04239}N:\my media\other\games\proun\proun.exe" = protocol=6 | dir=in | app=n:\my media\other\games\proun\proun.exe |
"TCP Query User{A51C1B58-39AF-417A-BCBD-4A6E24F2EF97}N:\my media\other\programs\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dirt 3\dirt3_game.exe |
"TCP Query User{A785AB76-10B9-4754-9263-7253506A82B1}N:\my media\other\programs\steam\steamapps\rileyjshaw\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steamapps\rileyjshaw\team fortress 2\hl2.exe |
"TCP Query User{A87EFF8F-DF16-4AC6-830E-89D8BB5D451F}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{AEE7A55B-C239-4FC6-A35A-200A32574CE5}N:\my media\other\programs\xbmc\xbmc.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\xbmc\xbmc.exe |
"TCP Query User{B347EAE1-ED42-4505-ACEB-20CB6F1AEE85}N:\my media\other\programs\vlc streamer\vlc\vlc.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\vlc streamer\vlc\vlc.exe |
"TCP Query User{BBF38663-3A51-4123-A48E-8A9A7D628D88}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{C3BFAEC0-9EBA-4B6E-974D-0BF231AF0737}C:\program files (x86)\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tixati\tixati.exe |
"TCP Query User{C89F6A47-ADBE-494C-8C70-3B9CA9FFC8F4}C:\users\riley\appdata\local\spoon\servers\spoon.net\users\rileyjshaw@gmail.com\sandboxes\safari__5-1-4-0__en-us__default__x86\local\stubexe\0xeba6d105cf18b29d\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\users\riley\appdata\local\spoon\servers\spoon.net\users\rileyjshaw@gmail.com\sandboxes\safari__5-1-4-0__en-us__default__x86\local\stubexe\0xeba6d105cf18b29d\mdnsresponder.exe |
"TCP Query User{CD52A3A4-DAD7-428B-9370-7C504E283934}C:\users\riley\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\riley\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D94BED69-6902-459F-83BF-9FE17822B0A0}N:\my media\other\programs\binaries\win64\udk.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\binaries\win64\udk.exe |
"TCP Query User{F283F6DA-0B6B-459F-9F8B-B69DAC3AE1B9}C:\users\riley\appdata\roaming\talk.to\2.3.8.455\talk.to.exe" = protocol=6 | dir=in | app=c:\users\riley\appdata\roaming\talk.to\2.3.8.455\talk.to.exe |
"TCP Query User{F6B95852-8D57-47A3-AD1E-BB5ABBA0B1A9}N:\my media\other\programs\binaries\win32\udk.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\binaries\win32\udk.exe |
"TCP Query User{F796DB18-FF5C-43E9-A2CD-7C6CEBD5B02F}N:\my media\other\programs\steam\steam.exe" = protocol=6 | dir=in | app=n:\my media\other\programs\steam\steam.exe |
"TCP Query User{FC378A7E-83C5-4D6B-83D2-44629B353BE1}C:\strawberry\perl\bin\perl.exe" = protocol=6 | dir=in | app=c:\strawberry\perl\bin\perl.exe |
"UDP Query User{0CCD655A-1946-4155-8D49-8DB4E2C04E3F}N:\my media\other\programs\binaries\win32\udkmobile.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\binaries\win32\udkmobile.exe |
"UDP Query User{0E883224-B297-4BF4-B513-5DA9EB8341FA}G:\tixati_portable\tixati_windows.exe" = protocol=17 | dir=in | app=g:\tixati_portable\tixati_windows.exe |
"UDP Query User{135BF10D-299C-4039-B085-A08A9C880973}N:\my media\other\programs\tixati\tixati.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\tixati\tixati.exe |
"UDP Query User{1514617E-E2FC-4CB1-BD06-9C19763DB12D}N:\my media\other\programs\binaries\win64\udk.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\binaries\win64\udk.exe |
"UDP Query User{1ADF4640-E078-44E2-BA0F-86CC90BBC359}N:\my media\other\programs\binaries\win64\udk.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\binaries\win64\udk.exe |
"UDP Query User{1BF329FC-0807-4C69-92BB-8F2A2F44CA5A}C:\users\riley\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\riley\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{1F0B3E10-0743-47D0-AF82-5FD755262477}C:\program files (x86)\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tixati\tixati.exe |
"UDP Query User{1F0CDAE0-5B98-4382-98F8-94CD8F6164E6}N:\my media\other\programs\steam\steamapps\rileyjshaw\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\rileyjshaw\team fortress 2\hl2.exe |
"UDP Query User{1F60BB9F-0E49-4C66-B1B4-6D32235378A6}N:\my media\other\games\starcraft\starcraft.exe" = protocol=17 | dir=in | app=n:\my media\other\games\starcraft\starcraft.exe |
"UDP Query User{253DAC6F-557E-4115-8AB1-A4E7F12DA019}N:\my media\other\programs\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{2F4E1AEC-499B-4351-9151-F212A7BA1546}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{30EE501C-43F2-469E-9D70-D6D4DCC70499}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{39BF6812-95E1-4659-A4D1-55E875057863}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{41060550-8828-4BAB-8E8E-0122BA5CAEA6}N:\my media\other\programs\steam\steamapps\common\batman2\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"UDP Query User{59409658-ECB5-4CBE-8490-9C8B0F952B4E}C:\program files\bitnami djangostack\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\bitnami djangostack\apache2\bin\httpd.exe |
"UDP Query User{5DA9B9D4-C196-42EB-A73B-F76B7FD863CD}N:\workspace\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=n:\workspace\xampp\apache\bin\httpd.exe |
"UDP Query User{6FDB0538-2EBB-4D1A-922F-4072F55E50D4}N:\my media\other\programs\binaries\win32\udk.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\binaries\win32\udk.exe |
"UDP Query User{70CBCC53-6FAF-42A5-9D30-E8B7A362F9E9}N:\my media\other\programs\unity\editor\unity.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\unity\editor\unity.exe |
"UDP Query User{7B403AC0-509B-4FC7-8054-92F0D9AEDBEE}C:\users\riley\appdata\local\livereload\bundled\node-0.8.12\livereloadnodejs.exe" = protocol=17 | dir=in | app=c:\users\riley\appdata\local\livereload\bundled\node-0.8.12\livereloadnodejs.exe |
"UDP Query User{82BAAEBF-10B1-46C1-A249-190E2CE11D30}C:\strawberry\perl\bin\perl.exe" = protocol=17 | dir=in | app=c:\strawberry\perl\bin\perl.exe |
"UDP Query User{831C3218-D19B-4192-9366-631A1865DB84}C:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\riley\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{89977039-EAA3-425C-BC2F-1C3C6A4B2C32}N:\my media\other\programs\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"UDP Query User{8E63DA17-36ED-4208-B633-01E55B2BF9A5}C:\users\riley\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\riley\appdata\local\akamai\netsession_win.exe |
"UDP Query User{904CF19D-3CA2-4889-809A-1E2F86988DDF}N:\my media\other\programs\comicrack\comicrack.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\comicrack\comicrack.exe |
"UDP Query User{984429EB-6E0F-45A0-A501-9A3855E8E2AC}N:\my media\other\programs\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\dirt 3\dirt3_game.exe |
"UDP Query User{99BC7CF6-49C6-418D-8E55-92CC371072FC}N:\my media\other\programs\steam\steam.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steam.exe |
"UDP Query User{9E554F29-EAB2-4612-8FA6-7B943F189746}C:\users\riley\appdata\roaming\talk.to\2.3.8.455\talk.to.exe" = protocol=17 | dir=in | app=c:\users\riley\appdata\roaming\talk.to\2.3.8.455\talk.to.exe |
"UDP Query User{9FDCA65B-4300-4481-9DDF-913CC697230C}N:\my media\other\games\proun\proun.exe" = protocol=17 | dir=in | app=n:\my media\other\games\proun\proun.exe |
"UDP Query User{A2A52ED9-84C4-4925-A9F6-7080059105A3}C:\users\riley\appdata\local\spoon\servers\spoon.net\users\rileyjshaw@gmail.com\sandboxes\safari__5-1-4-0__en-us__default__x86\local\stubexe\0xeba6d105cf18b29d\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\users\riley\appdata\local\spoon\servers\spoon.net\users\rileyjshaw@gmail.com\sandboxes\safari__5-1-4-0__en-us__default__x86\local\stubexe\0xeba6d105cf18b29d\mdnsresponder.exe |
"UDP Query User{A319A607-1E3D-49EB-8BAB-18D84F540317}C:\users\riley\appdata\roaming\talk.to\host\talk.to.exe" = protocol=17 | dir=in | app=c:\users\riley\appdata\roaming\talk.to\host\talk.to.exe |
"UDP Query User{A50F3206-D654-4A2E-8ED8-F6F17DE246D6}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{A88579F5-317A-4551-A704-5E73ACF6B050}E:\tixati_portable\tixati_windows.exe" = protocol=17 | dir=in | app=e:\tixati_portable\tixati_windows.exe |
"UDP Query User{AA412522-4553-40BC-AA12-CBE020E8AE16}N:\my media\other\games\proun\proun.exe" = protocol=17 | dir=in | app=n:\my media\other\games\proun\proun.exe |
"UDP Query User{AC9509CC-C20E-456F-8711-4CE7A1C23E6E}N:\my media\other\programs\editor\unity.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\editor\unity.exe |
"UDP Query User{ADCC5457-79F8-48B7-99F1-459A3231BCB7}C:\users\riley\appdata\local\livereload\app\resources\node.exe" = protocol=17 | dir=in | app=c:\users\riley\appdata\local\livereload\app\resources\node.exe |
"UDP Query User{AE77DFCC-CFF5-4F47-8A9D-218E047040E4}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{BF30A059-050F-48CB-AF9F-BE233C615543}C:\program files (x86)\duty calls\binaries\win32\dutycalls.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duty calls\binaries\win32\dutycalls.exe |
"UDP Query User{C89AA483-07F3-4E60-B2B4-D9078C9E586B}N:\my media\other\programs\xbmc\xbmc.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\xbmc\xbmc.exe |
"UDP Query User{D8806443-9671-43FC-8162-B7E6761DC804}N:\my media\other\programs\vlc streamer\vlc\vlc.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\vlc streamer\vlc\vlc.exe |
"UDP Query User{DA627A8A-322D-4549-B28C-D4757AC192FA}N:\my media\other\programs\mirc\mirc.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\mirc\mirc.exe |
"UDP Query User{EA046098-FFF3-4BBD-A8B1-555CD73FE626}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{F29F4B65-3670-4B6F-BD5F-822C998EBEE3}N:\my media\other\programs\steam\steamapps\common\chessmaster grandmaster edition\game.exe" = protocol=17 | dir=in | app=n:\my media\other\programs\steam\steamapps\common\chessmaster grandmaster edition\game.exe |
"UDP Query User{F2C807B7-6F7F-4F18-A20C-305B104A39BF}C:\program files (x86)\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tixati\tixati.exe |

Link to post
Share on other sites

Extras.txt (part 2):


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{280C564E-4534-4C93-936C-615CD8E0D1FA}" = NVIDIA CUDA Toolkit v5.0 (64 bit)
"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
"{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5F5FEF58-F4D8-488B-BDB3-6D5B22192B02}" = HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 (64-bit)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD67869B-C97B-4F2C-AD80-ABF130238441}" = Oracle VM VirtualBox 4.1.16
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"ComicRack" = ComicRack v0.9.142
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"MatlabR2009b" = MATLAB R2009b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"R for Windows 2.15.2_is1" = R for Windows 2.15.2
"Sublime Text 2_is1" = Sublime Text 2.0.1
"UDK-fc6ca12c-0061-4b21-a601-8652e68494e7" = Unreal Development Kit: 2011-05

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7FDDF4-23B5-4119-A91A-EC01718DFDC8}_is1" = VP8 Video For Windows codec 1.2.0.0
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A8C5BB4-91EB-4AB4-B667-74EC501341B9}" = LightScribe Template Designs - 9 to 5 Pack 1
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37
"{272F534A-29A8-40D4-8E0C-2A9A596F808D}" = LightScribe Template Designs - Tribal Pack 1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}" = LightScribe Template Designs - Art Pack 1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{354D401F-05B6-4A1D-8E92-47C1BBC5302C}" = C5500
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0422.2
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0420.1
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}" = LightScribe Template Designs - Music Pack 1
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B295E70-5256-46DD-ADA8-81E9EF7F4939}" = LightScribe Template Designs - Life Events Pack 1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61356085-6C51-4DC9-99E6-33ED72304690}" = OmmWriter
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66F2E34E-A7D4-49AF-8D4A-2F6D8760EFAD}" = LightScribe Template Designs - Celebration Pack 1
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2847D2-E3DD-44C0-BAC2-58D12221691F}" = TechSmith Screen Capture Codec
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BD97765-3ABB-4025-8F71-FAF86E57DD35}" = LightScribe Template Designs - Memories
"{6DD5A7FC-0DC3-4BCC-BCDF-3A4EBE565799}" = PS_AIO_04_C5500_Software_Min
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7495F8B4-6F73-496C-AC48-FE7F8867FF59}" = LightScribe Template Designs - With The Band
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79D16FEF-F66A-4DF3-AE01-DF0AE3E3BA45}" = LightScribe Template Designs - Hobby Pack 1
"{7ADB1002-9FAC-4EF0-8EC0-57A0D7CB5355}" = Aurora
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84B01A13-F78F-4281-9224-C96FB3530A2C}" = LightScribe Template Designs - Seasonal Pack 1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89E2DA1C-7AAA-A29B-0FF3-38375A85D3FE}" = Balsamiq Mockups For Desktop
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1" = Nitronic Rush (2011-11-11) version 20111111.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A422BD09-308A-A866-9B81-616A6348C9EC}" = V-Drums Friend Jam
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE010606-007D-11DD-A3C1-001636EEECBD}" = Google App Engine
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B5ECA6E5-C943-4A40-936B-8E16D5B233ED}" = LightScribe Template Designs - Grab Bag Pack 1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF2115A8-1096-4C84-AA2D-B4DE3ADA2536}" = LightScribe Template Designs - Winter Whimsy
"{BF73C0A4-5E3D-4C6F-8164-C0CCA57E32C8}" = Adobe Edge Inspect
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1C70CF7-F2F3-4A15-ADE5-5DF1BA0739E1}" = LightScribe Template Designs - Bonus Pack 1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D761BBA0-FBDD-4E81-96E1-43B957D91BD8}" = LightScribe Template Designs - Quick and Simple Pack 1
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEBEA077-AB92-5083-ECB1-C15BD842D00B}" = pomodairo
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3A482EC-55E0-48FA-A408-F40FDF265181}" = LightScribe Template Designs - Nature Pack 1
"{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5
"{F8AACE23-4E68-4F07-BAC0-D3536584EAC0}" = LightScribe Template Designs - Straight Text
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4K Video Downloader_is1" = 4K Video Downloader 2.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.6
"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop
"bgbennyboyGrimReplacementSetup_is1" = Grim Fandango
"Brain Workshop_is1" = Brain Workshop 4.8.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.roland.FriendJam" = V-Drums Friend Jam
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fences" = Fences
"FileZilla Client" = FileZilla Client 3.5.3
"Fliqlo" = Fliqlo Screen Saver
"Fotosizer" = Fotosizer 1.36
"Fraps" = Fraps (remove only)
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0420.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Live 8.1.5" = Live 8.1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Miro Video Converter" = Miro Video Converter
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 12.10.1652" = Opera 12.10
"pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1" = pomodairo
"Proun" = Proun
"PSPdisp" = PSPdisp v0.6
"PSpice Student" = PSpice Student 9.1
"ROM CHECK FAIL_is1" = ROM CHECK FAIL 1.0
"Sonic Generations_is1" = Sonic Generations
"Spoon.net Sandbox Manager 3.33" = Spoon.net Sandbox Manager 3.33
"StarCraft II" = StarCraft II
"Steam App 102410" = Vertex Dispenser Demo
"Steam App 104100" = Inside a Star-filled Sky
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 104700" = Super Monday Night Combat
"Steam App 107100" = Bastion
"Steam App 11020" = TrackMania Nations Forever
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 12900" = Audiosurf
"Steam App 15100" = Assassin's Creed
"Steam App 15130" = Beyond Good & Evil
"Steam App 15260" = Chessmaster: Grandmaster Edition
"Steam App 15700" = Oddworld: Abe's Oddysee
"Steam App 15710" = Oddworld: Abe's Exoddus
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17470" = Dead Space
"Steam App 18700" = And Yet It Moves
"Steam App 20820" = Shatter
"Steam App 21090" = F.E.A.R.
"Steam App 21110" = F.E.A.R.: Extraction Point
"Steam App 21120" = F.E.A.R.: Perseus Mandate
"Steam App 220" = Half-Life 2
"Steam App 22000" = World of Goo
"Steam App 22230" = Rock of Ages
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 22650" = Alien Breed 2: Assault
"Steam App 24200" = DC Universe Online
"Steam App 24980" = Mass Effect 2
"Steam App 26800" = Braid
"Steam App 29150" = Mightier
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 33230" = Assassin's Creed II
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34270" = SEGA Genesis & Mega Drive Classics
"Steam App 3482" = Peggle Deluxe Demo
"Steam App 3483" = Peggle Extreme
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 35700" = Trine
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 37400" = Time Gentlemen, Please!
"Steam App 37420" = Ben There, Dan That!
"Steam App 3830" = Psychonauts
"Steam App 38700" = Toki Tori
"Steam App 38720" = RUSH
"Steam App 38740" = EDGE
"Steam App 40410" = AI War: Fleet Command - Demo
"Steam App 40700" = Machinarium
"Steam App 40720" = Samorost 2
"Steam App 40800" = Super Meat Boy
"Steam App 40930" = The Misadventures of P.B. Winterbottom
"Steam App 440" = Team Fortress 2
"Steam App 44110" = Super Laser Racer - Demo
"Steam App 44205" = Galcon Fusion Demo
"Steam App 46610" = Swarm Arena Demo
"Steam App 47780" = Dead Space 2
"Steam App 47860" = RISK Factions Demo
"Steam App 48000" = LIMBO
"Steam App 49600" = Beat Hazard
"Steam App 550" = Left 4 Dead 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 57400" = Batman: Arkham City™
"Steam App 57940" = Duke Nukem Forever Demo
"Steam App 620" = Portal 2
"Steam App 62100" = Chime
"Steam App 629" = Portal 2 Authoring Tools - Beta
"Steam App 63200" = Monday Night Combat
"Steam App 63600" = Real Myst
"Steam App 63610" = Riven
"Steam App 63620" = Cosmic Osmo
"Steam App 63630" = Manhole
"Steam App 63640" = Spelunx
"Steam App 63650" = Uru CC
"Steam App 63660" = Myst Masterpiece
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 67000" = The Polynomial
"Steam App 70130" = Hacker Evolution - Demo
"Steam App 70140" = Hacker Evolution: Untold - Demo
"Steam App 70300" = VVVVVV
"Steam App 72200" = Universe Sandbox
"Steam App 7670" = BioShock
"Steam App 8230" = Sam & Max 104: Abe Lincoln Must Die!
"Steam App 8850" = BioShock 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 92800" = SpaceChem
"Steam App 98100" = TRAUMA
"Steam App 98200" = Frozen Synapse
"Steam App 99870" = Bulletstorm Demo
"tixati" = Tixati
"Unity" = Unity
"VideoSpirit Lite" = VideoSpirit Lite 1.77
"VLC media player" = VLC media player 2.0.2
"VLC Setup Helper_is1" = VLC Setup Helper
"VLC Streamer_is1" = VLC Streamer 2.26
"WinLiveSuite" = Windows Live Essentials
"xampp" = XAMPP 1.8.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3219339476-703394672-256516966-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"68c6678448324991" = GitHub
"7ec527eb7361b1c2" = LiveReload
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Flux" = F.lux
"talk.to" = talk.to
"UnityWebPlayer" = Unity Web Player
"XBMC" = XBMC

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/12/2012 1:51:23 PM | Computer Name = Riley | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(04:1e:64:5c:ff:59@fe80::61e:64ff:fe5c:ff59._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 10/12/2012 8:58:56 PM | Computer Name = Riley | Source = Application Hang | ID = 1002
Description = The program XBMC.exe version 10.5.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1e04 Start Time:
01cdd73a814b4ad3 Termination Time: 23 Application Path: N:\My Media\Other\Programs\XBMC\XBMC.exe
Report
Id: d447399e-432d-11e2-a576-d9752b752d59

Error - 11/12/2012 11:04:11 AM | Computer Name = Riley | Source = VSS | ID = 8194
Description =

Error - 11/12/2012 11:43:26 AM | Computer Name = Riley | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(04:1e:64:5c:ff:59@fe80::61e:64ff:fe5c:ff59._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 13/12/2012 12:15:07 PM | Computer Name = Riley | Source = VSS | ID = 8194
Description =

Error - 13/12/2012 6:57:20 PM | Computer Name = Riley | Source = VSS | ID = 8194
Description =

Error - 14/12/2012 3:00:01 AM | Computer Name = Riley | Source = VSS | ID = 8194
Description =

Error - 14/12/2012 3:17:39 AM | Computer Name = Riley | Source = VSS | ID = 8194
Description =

Error - 14/12/2012 2:12:04 PM | Computer Name = Riley | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 23.0.1271.97, time
stamp: 0x50be88d8 Faulting module name: chrome.dll, version: 23.0.1271.97, time
stamp: 0x50be8882 Exception code: 0x80000003 Fault offset: 0x0056f383 Faulting process
id: 0x1e1c Faulting application start time: 0x01cdda2674d72b49 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\chrome.dll Report
Id: c2d9b8c8-4619-11e2-9e17-6cf049ef9f06

Error - 14/12/2012 2:36:52 PM | Computer Name = Riley | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(04:1e:64:5c:ff:59@fe80::61e:64ff:fe5c:ff59._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 14/12/2012 2:44:49 PM | Computer Name = Riley | Source = VSS | ID = 8194
Description =

[ OSession Events ]
Error - 12/12/2010 9:30:03 AM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/03/2011 6:35:28 PM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/07/2011 10:27:08 PM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 384
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/10/2011 3:56:52 AM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 120
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/10/2011 3:57:00 AM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/10/2011 3:57:18 AM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09/03/2012 4:29:38 AM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1262
seconds with 420 seconds of active time. This session ended with a crash.

Error - 11/04/2012 3:24:24 PM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6892
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 18/04/2012 9:33:45 AM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 581
seconds with 180 seconds of active time. This session ended with a crash.

Error - 31/07/2012 5:26:12 PM | Computer Name = Riley | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2295
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/12/2012 2:13:50 PM | Computer Name = Riley | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
Data: Error Value: 2147549183.

Error - 14/12/2012 2:14:24 PM | Computer Name = Riley | Source = PNRPSvc | ID = 102
Description =

Error - 14/12/2012 2:14:24 PM | Computer Name = Riley | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 14/12/2012 2:14:24 PM | Computer Name = Riley | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 14/12/2012 2:14:31 PM | Computer Name = Riley | Source = PNRPSvc | ID = 102
Description =

Error - 14/12/2012 2:14:31 PM | Computer Name = Riley | Source = PNRPSvc | ID = 102
Description =

Error - 14/12/2012 2:14:31 PM | Computer Name = Riley | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 14/12/2012 2:14:31 PM | Computer Name = Riley | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 14/12/2012 2:14:31 PM | Computer Name = Riley | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 14/12/2012 2:14:31 PM | Computer Name = Riley | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535


< End of report >

Thanks again,

R

Link to post
Share on other sites

Upload a file to VirusTotal:

Go to http://www.virustotal.com/

  • Click the Browse... button
  • Navigate to the file C:\Users\Riley\Local Settings\Apps\F.lux\flux.exe
    or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

Link to post
Share on other sites

Combofix log:


ComboFix 12-12-14.01 - Riley 14/12/2012 18:26:54.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.3110 [GMT -5:00]
Running from: c:\users\Riley\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
N:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-14 to 2012-12-14 )))))))))))))))))))))))))))))))
.
.
2012-12-14 18:42 . 2012-12-14 18:42 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-14 18:42 . 2012-12-14 18:42 -------- d-----w- c:\program files\iTunes
2012-12-14 18:42 . 2012-12-14 18:42 -------- d-----w- c:\program files (x86)\iTunes
2012-12-14 18:42 . 2012-12-14 18:42 -------- d-----w- c:\program files\iPod
2012-12-14 00:09 . 2012-12-14 23:26 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E63B9297-5803-4E41-B540-A07D585D0C60}\offreg.dll
2012-12-11 17:08 . 2012-12-11 17:08 -------- d-----w- c:\users\Riley\AppData\Roaming\.anomos
2012-12-11 17:07 . 2009-11-15 18:37 200704 ----a-w- c:\windows\SysWow64\ssleay32.dll
2012-12-11 17:07 . 2009-11-15 18:37 200704 ----a-w- c:\windows\SysWow64\libssl32.dll
2012-12-11 17:07 . 2009-11-15 18:37 1017344 ----a-w- c:\windows\SysWow64\libeay32.dll
2012-12-07 18:48 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E63B9297-5803-4E41-B540-A07D585D0C60}\mpengine.dll
2012-12-06 05:51 . 2012-12-06 05:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-06 05:51 . 2012-12-06 05:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-06 05:51 . 2012-12-06 05:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-06 05:51 . 2012-12-06 05:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-06 05:51 . 2012-12-06 05:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-06 05:51 . 2012-12-06 05:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-06 05:51 . 2012-12-06 05:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-04 18:15 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-04 18:15 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-04 18:15 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-04 18:15 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-04 18:15 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-04 18:15 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-04 18:15 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-04 18:14 . 2012-12-13 15:47 -------- d-----w- c:\users\UpdatusUser
2012-11-29 04:48 . 2012-11-29 04:48 -------- d-----w- c:\users\Riley\nvvp_workspace
2012-11-28 01:57 . 2012-11-28 01:57 -------- d-----w- c:\users\Riley\AppData\Local\NVIDIA Corporation
2012-11-27 18:51 . 2012-11-27 18:51 -------- d-----w- c:\program files\NVIDIA GPU Computing Toolkit
2012-11-26 20:52 . 2012-11-26 20:52 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2012-11-26 20:49 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-26 20:49 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-26 20:49 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-26 20:49 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 23:54 . 2012-01-24 14:01 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-12-14 18:14 . 2010-08-28 15:14 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-12-14 18:13 . 2010-08-28 15:14 25640 ----a-w- c:\windows\gdrv.sys
2012-12-06 16:48 . 2012-04-11 17:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-06 16:48 . 2011-05-21 15:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-04 18:15 . 2010-09-05 22:48 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-29 19:01 . 2010-09-07 20:39 150392 ----a-w- C:\junction.exe
2012-11-02 20:38 . 2012-11-02 20:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-02 20:38 . 2012-11-02 20:38 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-02 20:38 . 2012-11-02 20:38 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-02 20:38 . 2012-11-02 20:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-02 20:38 . 2012-11-02 20:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-02 20:38 . 2012-11-02 20:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-12-04 18:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-04 18:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-04 18:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 04:44 . 2012-10-11 04:44 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-11 01:23 . 2012-10-11 01:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-11 01:23 . 2012-10-11 01:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 01:23 . 2012-10-11 01:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 01:23 . 2012-10-11 01:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 01:23 . 2012-10-11 01:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 01:23 . 2012-10-11 01:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 01:23 . 2012-10-11 01:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 01:23 . 2012-10-11 01:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-11 01:23 . 2012-10-11 01:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-11 01:23 . 2012-10-11 01:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 01:23 . 2010-07-09 22:38 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 01:23 . 2012-02-10 02:43 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-11 01:23 . 2010-07-09 22:38 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 01:23 . 2012-10-11 01:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 01:23 . 2012-10-11 01:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 01:23 . 2012-10-11 01:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 01:22 . 2010-07-09 22:38 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 01:22 . 2012-10-11 01:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 01:22 . 2011-10-25 22:01 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 01:22 . 2011-02-23 12:28 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 01:22 . 2012-10-11 01:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 01:22 . 2012-10-11 01:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 01:22 . 2012-10-11 01:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 01:22 . 2012-10-11 01:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2012-10-30 00:22 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2010-07-09 20:17 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2010-07-09 20:17 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2010-07-09 20:17 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-07-09 20:17 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2010-07-09 20:17 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2010-07-09 20:17 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-30 00:54 . 2011-04-26 16:32 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 02:52 . 2012-09-29 02:52 75928 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-09-29 02:52 . 2012-09-29 02:52 2177704 ----a-w- c:\windows\system32\coin92.dll
2012-09-29 02:52 . 2012-09-29 02:52 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-09-28 15:32 . 2012-09-28 15:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 15:32 . 2012-09-28 15:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-24 19:32 . 2012-05-10 00:46 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32 . 2010-09-16 04:36 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Riley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Riley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Riley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Riley\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"Facebook Update"="c:\users\Riley\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Akamai NetSession Interface"="c:\users\Riley\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
"F.lux"="c:\users\Riley\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunes"="c:\itunes\iTunesHelper.exe" [2011-09-15 822272]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Riley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Riley\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Talk.to (Beta).lnk - c:\users\Riley\AppData\Roaming\talk.to\Talk.to.starter.exe [2012-11-26 136280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
MediaKeys.lnk - n:\my media\Other\Programs\MediaKeys.exe [2011-3-22 240541]
Spoon.net Console.lnk - c:\program files (x86)\Spoon\3.33.3.13\Spoon-Console.exe [2012-10-23 6575824]
Spoon.net Sandbox Manager 3.33.lnk - c:\program files (x86)\Spoon\3.33.3.13\Spoon-Sandbox-Native.exe [2012-10-23 348920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 WMPNetworkSvchost;Windows Media Player Network Service;c:\program files (x86)\Common Files\Windows Media Player\wmpnetwk.exe [2012-05-16 44544]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\DRIVERS\bthprint.sys [2009-07-14 67072]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2009-12-21 78848]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-09-29 75928]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-12-14 30528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 pspdisp;pspdisp;c:\windows\system32\DRIVERS\pspdisp_x64.sys [2011-01-18 4608]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-02 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-30 834544]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 21544]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Apache2.4;Apache2.4;n:\workspace\xampp\apache\bin\httpd.exe [2012-06-06 22016]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 CronService;Cron Service for Prey;n:\my media\Other\Programs\Prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 17:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:48]
.
2012-07-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219339476-703394672-256516966-1000Core.job
- c:\users\Riley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-17 23:59]
.
2012-07-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219339476-703394672-256516966-1000UA.job
- c:\users\Riley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-17 23:59]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 17:05]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Riley\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Riley\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Riley\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Riley\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: 2012-10-22 12:38; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-25 15:12; livereload@livereload.com; c:\users\Riley\AppData\Roaming\Mozilla\Firefox\Profiles\lnae3j63.default\extensions\livereload@livereload.com.xpi
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-AlarmWiz - c:\program files (x86)\AlarmWiz\alarmwiz.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-WinampAgent - n:\my media\Other\Programs\Winamp\winampa.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Live 8.1.5 - c:\progra~2\Ableton\LIVE81~1.5\Install\UNWISE.EXE
AddRemove-UnityWebPlayer - c:\users\Riley\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3219339476-703394672-256516966-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,54,92,57,be,3d,aa,f1,78,81,1b,1a,41,dc,6f,1b,05,a9,cc,92,1b,
6e,35,8f,f6,75,8a,4b,b9,c7,83,3b,a0,83,1b,8f,eb,d9,c8,e0,41,ea,0d,d3,af,74,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-14 19:00:50
ComboFix-quarantined-files.txt 2012-12-15 00:00
.
Pre-Run: 4,255,985,664 bytes free
Post-Run: 4,787,822,592 bytes free
.
- - End Of File - - 447D62F9EAB82175CF1D0D58725C4CFD

Are we getting closer? Thanks so much again,

R

Link to post
Share on other sites

Can you explain these entries from the OTL log:

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

Those entries are designed to bypass activation on an Adobe product, that is against Forum policy as fas as i`m aware,

Link to post
Share on other sites

I'm not sure why they are there, as I bought legitimate licenses for the Adobe CS6 products that I use (Photoshop, Illustrator, and After Effects) through my school. That said, my computer was used by a few coworkers over the summer (including the person who got me in to this appbario8 mess in the first place) who are all visual designers - it could have been them. I am not using any pirated software on my machine.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.