Annoying extension in chrome won't go away


So I did what you said cause I know this forum is cool and all (installed Malwarebytes, ran a quick scan, deleted the 7 detected threats and rebooted, then did another quick scan and detected 0 threats), but when I came back the extension was still there, so I decided to post here.

My first scan log: mbam-log-2013-12-26 (04-15-00).txt

dds.txt: dds.txt

attach.txt: attach.txt

If it sorta helps, this is the picture of the extension that's bugging me since yesterday:

1ltd.png

Thanks for reading and happy holidays!


Hello balwaremytes and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Please generate fresh DDS log files and post them in your next reply.


Truly sorry. I didn't notice that part.
Anyways here it is dds.txt: 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_26
Run by Administrator at 5:40:50 on 2013-12-26
Microsoft Windows 7 Professional   6.1.7601.1.932.81.1033.18.1909.607 [GMT 9:00]
.
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Connectify\ConnectifyService.exe
C:\Program Files\Connectify\ConnectifyD.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Garena Plus\ggdllhost.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Program Files\Garena Plus\bbtalk\BBtalk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uProxyServer = 172.21.0.39:8088
uProxyOverride = <local>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [DriverMax_RESTART] <no file>
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
uPolicies-Explorer: NoPropertiesMyComputers = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: NoDriveTypeAutoRun = dword:95
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
TCP: Interfaces\{050482A2-E034-45BC-A1D5-03B7A8B3FF09} : NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545}\26167716C602D6167636F6E6E6563647 : DHCPNameServer = 192.168.126.1
TCP: Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545}\3402D20213236383023716973702D45627279702348627963747D61637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545}\C496E616D27657563747 : DHCPNameServer = 192.168.15.1 192.168.33.1
TCP: Interfaces\{9016D0CF-CA81-4507-BE7A-CD0420DB5857} : NameServer = 58.71.2.8,58.71.2.7
TCP: Interfaces\{9AF48297-2B5A-45AB-AC41-9EADB9BFEDC0} : NameServer = 10.188.62.1 202.126.40.5
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\an3ukoya.default\
FF - prefs.js: network.proxy.ftp - 172.21.0.39
FF - prefs.js: network.proxy.ftp_port - 8088
FF - prefs.js: network.proxy.gopher - 172.21.0.39
FF - prefs.js: network.proxy.gopher_port - 8088
FF - prefs.js: network.proxy.http - 172.21.0.39
FF - prefs.js: network.proxy.http_port - 8088
FF - prefs.js: network.proxy.socks - 172.21.0.39
FF - prefs.js: network.proxy.socks_port - 8088
FF - prefs.js: network.proxy.ssl - 172.21.0.39
FF - prefs.js: network.proxy.ssl_port - 8088
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\garena plus\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppluginrichmediaplayer.dll
FF - plugin: c:\program files\winamp detect\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\drivers\cnnctfy2.sys [2012-9-29 27248]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-8-15 188808]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-7-27 13480]
R2 Connectify;Connectify;c:\program files\connectify\ConnectifyService.exe [2011-9-30 69632]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2013-8-15 122376]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-15 271712]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-4-5 101168]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-1-15 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-7-27 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-1-15 74088]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-7-27 63928]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-7-27 2320920]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2013-12-22 132864]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\drivers\dtscsibus.sys [2013-11-6 24704]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2013-12-22 379392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-12-22 76544]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-27 132352]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-7-27 232448]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-18 6758912]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-7-27 75112]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files\globe tattoo broadband\updatedog\ouc.exe [2013-12-22 657504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-3 29472]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files\daemon tools ultra\DiscSoftBusService.exe [2013-9-23 654552]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-12-22 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-12-22 11136]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-9-23 49088]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-12-22 96000]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-15 108032]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-9 52224]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2010-10-2 428160]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-30 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-6-27 5087584]
.
=============== Created Last 30 ================
.
2013-12-25 19:04:21 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes
2013-12-25 19:04:15 -------- d-----w- c:\programdata\Malwarebytes
2013-12-25 19:04:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-25 19:04:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-25 01:43:46 -------- d-----w- c:\programdata\QuickSet
2013-12-25 01:43:07 -------- d-----w- c:\programdata\YoutubeAdblocker
2013-12-25 01:42:49 -------- d-----w- c:\programdata\surf and kkeEp
2013-12-25 01:42:32 -------- d-----w- c:\programdata\8aca19f1a27ddeff
2013-12-24 09:55:00 -------- d-----w- c:\users\administrator\appdata\roaming\MPC-HC
2013-12-24 09:53:46 -------- d-----w- c:\program files\Combined Community Codec Pack
2013-12-22 06:34:24 -------- d-----w- c:\programdata\Steam
2013-12-21 22:36:56 -------- d-----w- c:\program files\Integrated Camera Driver
2013-12-21 22:36:55 -------- d-----w- c:\program files\Chicony Electronics Co.,Ltd
2013-12-21 22:36:23 132864 ----a-w- c:\windows\system32\drivers\5U877.sys
2013-12-21 22:36:23 106496 ----a-w- c:\windows\system32\5U877.ax
2013-12-21 22:27:57 106496 ----a-w- c:\windows\system32\5U877.dll
2013-12-21 21:46:22 96000 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-12-21 21:46:22 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-12-21 21:46:22 76544 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-12-21 21:46:22 70272 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-12-21 21:46:22 379392 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2013-12-21 21:46:22 27520 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-12-21 21:46:22 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-12-21 21:46:22 205312 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2013-12-21 21:46:22 199168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-12-21 21:46:22 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-12-21 21:46:22 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-12-21 21:46:22 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-12-17 08:05:06 -------- d-----w- c:\users\administrator\appdata\roaming\Adobe Mini Bridge CS5
2013-12-17 08:05:05 -------- d-----w- c:\users\administrator\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-12-16 19:44:03 -------- d-----w- c:\users\administrator\appdata\local\Pokemon Showdown
2013-12-16 19:41:55 -------- d-----w- c:\program files\Pokemon Showdown
2013-12-08 15:00:02 -------- d-----w- c:\users\administrator\appdata\roaming\mkvtoolnix
2013-12-07 15:44:03 -------- d-----w- c:\program files\Innovative Solutions
2013-11-28 20:01:26 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a54813c4-4330-4b54-b624-1fddeb1d0e92}\mpengine.dll
2013-11-28 17:03:07 -------- d-----w- c:\users\administrator\appdata\roaming\mIRC
2013-11-27 15:23:05 -------- d-----w- c:\programdata\RELOADED
.
==================== Find3M  ====================
.
2013-12-16 10:01:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-16 10:01:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-14 18:07:18 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-11-14 18:07:18 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-11-14 18:07:17 619520 ----a-w- c:\windows\system32\tdh.dll
2013-11-14 18:07:17 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-11-14 18:07:16 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-11-14 18:06:54 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-14 18:06:53 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-14 18:06:53 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-11-14 18:06:28 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-10 20:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-05 19:17:46 24704 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
.
============= FINISH:  5:41:07.15 ===============
 
 
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/2/2010 3:53:08 PM
System Uptime: 12/26/2013 4:25:13 AM (1 hours ago)
.
Motherboard: LENOVO |  | 05784WA
Processor: Intel® Core i3 CPU       M 330  @ 2.13GHz | CPU 1 | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 4.374 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.8)
CCleaner
Combined Community Codec Pack 2013-11-27
Connectify
DAEMON Tools Ultra
Defraggler
DriverMax 7
EPSON Printer Software
EPSON Scan
ESET NOD32 Antivirus
Globe Tattoo Broadband
Google Chrome
Google Talk Plugin
Google Update Helper
Integrated Camera Driver Installer Package Ver.1.0.1.9
Integrated Camera TWAIN
Internet Download Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Office Excel 2007
Microsoft Office OneNote 2007
Microsoft Office PowerPoint 2007
Microsoft Office Publisher 2007
Microsoft Office Word 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Nokia Connectivity Cable Driver
PDF Settings CS5
Pokemon Showdown
Rainmeter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
TeamViewer 8
Unlocker 1.9.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Winamp
Winamp Detector Plug-in
.
==== Event Viewer Messages From Past Week ========
.
12/26/2013 4:26:47 AM, Error: Service Control Manager [7034]  - The Intel® PROSet/Wireless Event Log service terminated unexpectedly.  It has done this 1 time(s).
12/26/2013 4:26:16 AM, Error: SNMP [1500]  - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
12/26/2013 4:26:09 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.
12/26/2013 4:26:09 AM, Error: Service Control Manager [7000]  - The Globe Tattoo Broadband. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/26/2013 4:24:10 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003]  - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
.
==== End Of File ===========================
 

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Here it is:

Junkware Removal Tool log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Professional x86
    Ran by Administrator on 12/27/2013 Fri at 21:58:58.14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_cyberlink-powerdirector-11_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_cyberlink-powerdirector-11_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_microsoft-security-essentials_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_microsoft-security-essentials_RASMANCS
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ FireFox
     
    Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\blekkotb.xml"
    Successfully deleted: [Folder] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\an3ukoya.default\extensions\staged
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 12/27/2013 Fri at 22:02:06.56
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner log:

 

# AdwCleaner v3.016 - Report created 27/12/2013 at 22:06:00

# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Administrator - AFMNLSLROPSXX20
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\surf and kkeEp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DDCE885-25F4-4E06-A10E-C7D1D4A97ECF}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DDCE885-25F4-4E06-A10E-C7D1D4A97ECF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v8.0.1 (en-US)
 
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\an3ukoya.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [2241 octets] - [27/12/2013 22:04:55]
AdwCleaner[s0].txt - [2200 octets] - [27/12/2013 22:06:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2260 octets] ##########
 
Malwarebytes' Anti-Malware log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.25.05
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Administrator :: AFMNLSLROPSXX20 [administrator]
 
12/27/2013 10:08:43 PM
mbam-log-2013-12-27 (22-08-43).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240071
Time elapsed: 8 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

 


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

That took like, forever. 
Here's the logs:

C:\Users\Administrator\Documents\pol documents\ESET NOD32 Antivirus v7.0.302 (32-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-Final-Portable.rar a variant of Win32/RiskWare.HackAV.JA application deleted - quarantined
C:\Users\Administrator\Documents\pol documents\ESET NOD32 Antivirus v7.0.302 (32-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-final-setup.rar a variant of Win32/RiskWare.HackAV.JA application deleted - quarantined
C:\Users\Administrator\Documents\pol documents\ESET NOD32 Antivirus v7.0.302 (32-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-Final-Portable\TNod-1.4.2.3-Final-Portable\TNODUP-Portable.exe a variant of Win32/RiskWare.HackAV.JA application deleted - quarantined
C:\Users\Administrator\Documents\pol documents\ESET NOD32 Antivirus v7.0.302 (32-bit ONLY)\TNOD User & Password Finder 1.4.2.3 (32 & 64Bits)\TNod-1.4.2.3-final-setup\TNod-1.4.2.3-final-setup.exe a variant of Win32/RiskWare.HackAV.JA application cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\Programs\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\Programs\DAEMONToolsUltra200-0159.exe multiple threats cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\Programs\DraStic_DS_Emulator_Apk_v2.1.6.2a_Full_Proper_v2_Android_Apps.zip.exe Win32/InstalleRex.M application cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\Programs\drivermax_7_25_cnet.exe a variant of Win32/DealPly.I application cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\Programs\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\Programs\winamp565_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\The.Walking.Dead.Season.2.Episode.1-RELOADED\rld-twd2e1.iso a variant of Win32/HackTool.Crack.BL application deleted - quarantined

Don't worry.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

OTL.txt:

 

OTL logfile created on: 12/31/2013 3:10:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.86 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 42.52% Memory free
3.73 Gb Paging File | 2.52 Gb Available in Paging File | 67.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 3.52 Gb Free Space | 1.18% Space Free | Partition Type: NTFS
Drive E: | 32.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: AFMNLSLROPSXX20 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/31 03:07:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/12/22 06:45:14 | 000,515,072 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
PRC - [2013/12/13 12:24:09 | 009,890,608 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
PRC - [2013/10/30 05:45:00 | 000,036,024 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2013/09/12 13:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 13:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/07/10 20:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files\Garena Plus\ggdllhost.exe
PRC - [2013/05/10 16:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/05 14:58:00 | 003,573,624 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/12/12 22:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/11/30 11:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 11:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/12 14:59:15 | 000,657,504 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
PRC - [2011/09/30 03:10:18 | 000,277,832 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe
PRC - [2011/09/30 03:10:08 | 000,069,632 | ---- | M] () -- C:\Program Files\Connectify\ConnectifyService.exe
PRC - [2011/03/15 00:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DataCardService\HWDeviceService.exe
PRC - [2011/03/15 00:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/12 19:25:00 | 000,075,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/04/20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/04/20 14:23:28 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010/04/20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/04/07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/03/18 13:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/06 01:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/12/21 19:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/11/24 14:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/11 18:33:10 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/10/02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/09/09 06:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/27 13:56:44 | 000,027,952 | ---- | M] () -- C:\Program Files\Garena Plus\VersionModule.dll
MOD - [2013/12/22 06:45:14 | 000,515,072 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
MOD - [2013/12/13 12:24:37 | 000,896,304 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/12/13 12:24:09 | 009,890,608 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
MOD - [2013/10/30 05:45:00 | 000,036,024 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
MOD - [2013/10/30 05:44:58 | 000,678,584 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
MOD - [2013/10/30 05:38:52 | 000,009,216 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll
MOD - [2013/10/30 05:38:32 | 000,013,824 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\SysInfo.dll
MOD - [2013/09/20 20:12:15 | 000,956,208 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/08/23 18:10:18 | 000,553,776 | ---- | M] () -- C:\Program Files\Garena Plus\ggspawn.dll
MOD - [2013/07/26 15:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XLL.dll
MOD - [2013/07/15 23:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/07/10 20:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files\Garena Plus\ggdllhost.exe
MOD - [2013/04/10 18:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 18:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files\Garena Plus\libmpg123.dll
MOD - [2013/03/13 19:05:59 | 000,374,064 | ---- | M] () -- C:\Program Files\Garena Plus\lib\Http.dll
MOD - [2013/03/07 11:10:42 | 000,106,288 | ---- | M] () -- C:\Program Files\Garena Plus\lib\UILayout.dll
MOD - [2013/03/07 11:10:39 | 000,224,560 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/03/07 11:10:22 | 000,487,216 | ---- | M] () -- C:\Program Files\Garena Plus\CxImage.dll
MOD - [2013/02/07 18:11:25 | 000,025,392 | ---- | M] () -- C:\Program Files\Garena Plus\PluginModule.dll
MOD - [2013/02/07 18:11:24 | 000,087,344 | ---- | M] () -- C:\Program Files\Garena Plus\PluginKernel.dll
MOD - [2013/02/07 18:11:22 | 000,192,816 | ---- | M] () -- C:\Program Files\Garena Plus\ImageModule.dll
MOD - [2013/02/07 18:11:17 | 000,051,504 | ---- | M] () -- C:\Program Files\Garena Plus\FileLoader.dll
MOD - [2013/02/07 18:11:15 | 000,033,584 | ---- | M] () -- C:\Program Files\Garena Plus\DibModule.dll
MOD - [2013/02/01 14:42:29 | 000,153,088 | ---- | M] () -- C:\Program Files\Garena Plus\libzmq.dll
MOD - [2013/01/30 17:26:41 | 002,941,232 | ---- | M] () -- C:\Program Files\Garena Plus\ggdownloader.dll
MOD - [2013/01/30 17:26:38 | 000,104,752 | ---- | M] () -- C:\Program Files\Garena Plus\CommonLib.dll
MOD - [2013/01/14 20:57:46 | 000,219,952 | ---- | M] () -- C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
MOD - [2012/12/04 22:15:17 | 000,247,808 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ToolBarMgrPlugin.dll
MOD - [2012/11/30 22:30:47 | 000,256,512 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoRecordUIPlugin.dll
MOD - [2012/11/30 22:30:13 | 000,333,824 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\MenuMgrPlugin.dll
MOD - [2012/11/30 22:30:02 | 000,270,848 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\XFramePlugin.dll
MOD - [2012/11/30 22:29:57 | 000,331,776 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\StatusBarMgrPlugin.dll
MOD - [2012/11/30 22:29:36 | 000,595,968 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\core.dll
MOD - [2012/11/30 13:50:37 | 000,580,096 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceMgrUIPlugin.dll
MOD - [2012/11/30 13:50:09 | 000,854,528 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SMSUIPlugin.dll
MOD - [2012/11/23 15:14:49 | 000,119,296 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ConnectMgrUIPlugin.dll
MOD - [2012/11/23 15:14:40 | 000,416,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallLogUIPlugin.dll
MOD - [2012/11/23 15:14:29 | 000,715,776 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallUIPlugin.dll
MOD - [2012/11/23 15:14:22 | 000,493,568 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoUIExPlugin.dll
MOD - [2012/11/23 15:14:16 | 000,302,592 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DiagnosisPlugin.dll
MOD - [2012/11/23 15:14:07 | 000,391,168 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetConnectPlugin.dll
MOD - [2012/11/23 15:14:02 | 000,117,248 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\LayoutPlugin.dll
MOD - [2012/11/23 15:13:52 | 000,818,688 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookUIPlugin.dll
MOD - [2012/11/23 15:13:49 | 000,569,344 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallLogSrvPlugin.dll
MOD - [2012/11/23 15:13:47 | 000,702,464 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoSrvPlugin.dll
MOD - [2012/11/23 15:13:47 | 000,177,152 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallSrvPlugin.dll
MOD - [2012/11/23 15:13:45 | 000,730,624 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceAppPlugin.dll
MOD - [2012/11/23 15:13:44 | 000,097,792 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NotifyServicePlugin.dll
MOD - [2012/11/23 15:13:42 | 000,729,088 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceSrvPlugin.dll
MOD - [2012/11/23 15:13:40 | 000,704,000 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SmsAppPlugin.dll
MOD - [2012/11/23 15:13:39 | 000,219,648 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SmsSrvPlugin.dll
MOD - [2012/11/23 15:13:38 | 000,593,408 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DialupUIPlugin.dll
MOD - [2012/11/23 15:13:38 | 000,157,184 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\STKSrvPlugin.dll
MOD - [2012/11/23 15:13:38 | 000,142,336 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\USSDSrvPlugin.dll
MOD - [2012/11/23 15:13:37 | 001,124,352 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookPlugin.dll
MOD - [2012/11/23 15:13:33 | 000,672,768 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookSrvPlugin.dll
MOD - [2012/11/23 15:13:31 | 000,236,032 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DialUpPlugin.dll
MOD - [2012/11/23 15:13:31 | 000,201,216 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NDISPlugin.dll
MOD - [2012/11/23 15:13:30 | 000,247,296 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetSrvPlugin.dll
MOD - [2012/11/23 15:13:20 | 000,065,536 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSPowerMgr.dll
MOD - [2012/11/23 15:13:18 | 000,131,584 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSNDIS.dll
MOD - [2012/11/23 15:13:17 | 000,288,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\sdk.dll
MOD - [2012/11/23 15:13:17 | 000,166,400 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSDialup.dll
MOD - [2012/11/23 15:13:17 | 000,102,400 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSAdapt.dll
MOD - [2012/11/23 15:13:16 | 000,646,144 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AtCodec.dll
MOD - [2012/11/23 15:13:14 | 000,195,584 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\XCodec.dll
MOD - [2012/11/23 15:13:12 | 000,583,168 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\PluginContainer.dll
MOD - [2012/11/23 15:13:10 | 000,062,976 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSCall.dll
MOD - [2012/11/23 15:13:09 | 000,187,392 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallAppPlugin.dll
MOD - [2012/11/23 15:13:06 | 000,168,960 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ATR2SMgr.dll
MOD - [2012/11/23 15:12:55 | 000,158,720 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetConnectSrvPlugin.dll
MOD - [2012/11/23 15:12:54 | 000,407,040 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Proxy.dll
MOD - [2012/11/23 15:12:54 | 000,155,136 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DataServicePlugin.dll
MOD - [2012/11/23 15:12:52 | 000,158,208 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Trace.dll
MOD - [2012/11/23 15:12:51 | 000,628,224 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Common.dll
MOD - [2012/11/12 12:48:40 | 000,694,272 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\LiveUpdateInterface.dll
MOD - [2012/11/01 21:10:52 | 000,370,176 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qtiff4.dll
MOD - [2012/11/01 21:10:52 | 000,350,720 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qmng4.dll
MOD - [2012/11/01 21:10:52 | 000,192,000 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qjpeg4.dll
MOD - [2012/11/01 21:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qgif4.dll
MOD - [2012/11/01 21:10:52 | 000,081,920 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qico4.dll
MOD - [2012/10/31 18:33:34 | 009,562,624 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtGui4.dll
MOD - [2012/10/31 18:14:12 | 001,148,416 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtNetwork4.dll
MOD - [2012/10/31 18:11:48 | 000,398,336 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtXml4.dll
MOD - [2012/10/31 18:11:24 | 002,417,152 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtCore4.dll
MOD - [2012/09/13 15:19:18 | 000,048,640 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XmlUIModule.dll
MOD - [2012/07/27 15:59:42 | 000,010,240 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2012/07/27 15:59:28 | 000,061,952 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2012/07/27 15:53:54 | 001,114,112 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NDISAPI.dll
MOD - [2012/06/06 10:22:00 | 000,224,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\tdpcvoice.dll
MOD - [2012/06/06 10:22:00 | 000,155,648 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Win7Support.dll
MOD - [2012/04/24 10:19:16 | 000,238,592 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 12:12:18 | 000,059,392 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 12:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files\Garena Plus\ServerMemAlloc.dll
MOD - [2012/03/08 17:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2012/02/22 17:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files\Garena Plus\lame_enc.dll
MOD - [2012/02/22 17:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files\Garena Plus\sqlite3.dll
MOD - [2012/02/22 17:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files\Garena Plus\lib\MP3Module.dll
MOD - [2010/11/29 05:34:18 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/05/12 19:25:00 | 000,037,888 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/06/23 11:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\libgcc_s_dw2-1.dll
MOD - [2009/01/11 03:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\mingwm10.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013/12/16 19:01:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/15 03:10:07 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/01 21:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/23 23:22:04 | 000,654,552 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013/09/12 13:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/05/10 16:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/12 14:59:15 | 000,657,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc)
SRV - [2011/09/30 03:10:08 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2011/03/15 00:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/11/20 21:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 21:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 21:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/30 04:01:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/12 19:25:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/04/20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010/04/20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/04/07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/03/18 13:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/06 02:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/03/06 01:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/09 06:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\air21\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/11/06 04:17:46 | 000,024,704 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtscsibus.sys -- (dtscsibus)
DRV - [2013/08/15 18:01:50 | 000,122,376 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2013/08/15 18:01:06 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/08/15 18:00:26 | 000,188,808 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/04/05 20:32:40 | 000,101,168 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/12/03 19:39:10 | 000,379,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012/10/30 13:42:16 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/09/29 22:58:32 | 000,027,248 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\System32\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV - [2012/08/20 09:54:18 | 000,096,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/08/20 09:54:18 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/06/27 16:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 18:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/12/31 10:20:24 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/06/21 14:59:22 | 000,132,864 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010/11/20 21:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 19:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 18:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 18:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 18:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/07/05 04:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/05/12 19:25:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2010/03/18 14:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2010/03/11 18:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/01/08 19:50:08 | 000,232,448 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/01/07 13:32:24 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 09:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/05/12 19:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/12/01 15:23:58 | 000,392,122 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006/04/25 11:57:42 | 000,428,160 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmfilter303.sys -- (vmfilter303)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.21.0.39:8088
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.21.0.39:8088
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ph
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 B7 CC FB 78 4A CB 01  [binary data]
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.21.0.39:8088
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: mozilla_cc@internetdownloadmanager.com:7.3.41
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.backup.ftp: "172.0.21.21"
FF - prefs.js..network.proxy.backup.ftp_port: 8888
FF - prefs.js..network.proxy.backup.socks: "172.0.21.21"
FF - prefs.js..network.proxy.backup.socks_port: 8888
FF - prefs.js..network.proxy.backup.ssl: "172.0.21.21"
FF - prefs.js..network.proxy.backup.ssl_port: 8888
FF - prefs.js..network.proxy.ftp: "172.21.0.39"
FF - prefs.js..network.proxy.ftp_port: 8088
FF - prefs.js..network.proxy.gopher: "172.21.0.39"
FF - prefs.js..network.proxy.gopher_port: 8088
FF - prefs.js..network.proxy.http: "172.21.0.39"
FF - prefs.js..network.proxy.http_port: 8088
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.21.0.39"
FF - prefs.js..network.proxy.socks_port: 8088
FF - prefs.js..network.proxy.ssl: "172.21.0.39"
FF - prefs.js..network.proxy.ssl_port: 8088
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/17 09:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/18 19:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/11/07 01:46:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/09/30 02:17:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/09/30 02:17:53 | 000,000,000 | ---D | M]
 
[2010/09/27 19:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013/12/27 22:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\an3ukoya.default\extensions
[2013/06/30 07:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/30 20:03:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/30 07:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/30 20:03:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/10 18:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/10 18:22:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/09/30 02:17:53 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5
[2011/12/08 12:17:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 05:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/03/12 17:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll
[2011/12/08 12:17:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/24 22:29:21 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2011/12/08 12:17:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.8_0\IDMGCExt.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: PluginRichmediaplayer (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Disabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Garena Talk Plugin (Disabled) = C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Nokia Suite Enabler Plugin (Disabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Disabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Disabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Disabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Attack on Titan Theme for 1440x900 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebjcpbckgdhefehkcfjeaddcjnkhlke\1.2_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IDM Integration = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.8_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadkjnljmcmhlhlnajpnfebchgiemack\0.9\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: My Chrome Theme = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/11/07 21:13:06 | 000,003,412 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       adobeereg.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       www.adobeereg.com
O1 - Hosts: 127.0.0.1       activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1       wip3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1       ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1       activate-sea.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       adobeereg.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       www.adobeereg.com
O1 - Hosts: 69 more lines...
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500..\Run: [DriverMax_RESTART]  File not found
O4 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500..\Run: [GarenaPlus] C:\Program Files\Garena Plus\GarenaMessenger.exe ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputers = 0
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050482A2-E034-45BC-A1D5-03B7A8B3FF09}: NameServer = 10.188.62.1 202.126.40.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9016D0CF-CA81-4507-BE7A-CD0420DB5857}: NameServer = 58.71.2.8,58.71.2.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF48297-2B5A-45AB-AC41-9EADB9BFEDC0}: NameServer = 10.198.220.124 202.126.40.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/31 03:10:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/12/27 22:04:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/26 04:04:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013/12/26 04:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/26 04:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/26 04:04:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/12/26 04:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/25 10:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\8aca19f1a27ddeff
[2013/12/24 18:55:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MPC-HC
[2013/12/24 18:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2013/12/24 18:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2013/12/22 15:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/12/22 07:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Integrated Camera Driver
[2013/12/22 07:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Chicony Electronics Co.,Ltd
[2013/12/22 07:36:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2013/12/22 07:36:23 | 000,132,864 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\System32\drivers\5U877.sys
[2013/12/22 07:36:23 | 000,106,496 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\System32\5U877.ax
[2013/12/22 07:27:57 | 000,106,496 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\System32\5U877.dll
[2013/12/22 06:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globe Tattoo Broadband
[2013/12/22 06:46:22 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2013/12/22 06:46:22 | 000,379,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys
[2013/12/22 06:46:22 | 000,205,312 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2013/12/22 06:46:22 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2013/12/22 06:46:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2013/12/22 06:46:22 | 000,096,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2013/12/22 06:46:22 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2013/12/22 06:46:22 | 000,070,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2013/12/22 06:46:22 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2013/12/22 06:46:22 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2013/12/22 06:46:22 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2013/12/22 06:46:22 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2013/12/17 17:05:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe Mini Bridge CS5
[2013/12/17 17:05:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/12/17 04:44:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games
[2013/12/17 04:44:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Pokemon Showdown
[2013/12/17 04:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Pokemon Showdown
[2013/12/09 00:00:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\mkvtoolnix
[2013/12/08 00:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2013/12/08 00:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/31 03:08:19 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 03:08:19 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 03:07:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/12/31 03:01:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/31 03:00:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/31 03:00:48 | 1500,946,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/30 22:55:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/30 22:55:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000UA.job
[2013/12/30 22:46:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cef3f99fd501a3.job
[2013/12/30 22:25:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-500UA.job
[2013/12/30 21:32:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000UA.job
[2013/12/30 21:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000Core.job
[2013/12/30 18:25:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-500Core.job
[2013/12/29 23:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000Core.job
[2013/12/29 00:30:39 | 000,673,540 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/29 00:30:39 | 000,128,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/29 00:09:39 | 000,000,084 | ---- | M] () -- C:\Windows\option.ini
[2013/12/28 17:13:35 | 003,794,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/28 04:46:59 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/12/25 02:27:03 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/12/22 06:48:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/26 04:25:25 | 003,794,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/22 18:58:46 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/12/22 18:26:56 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/12/22 06:48:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2013/12/17 04:42:02 | 000,001,974 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk
[2013/12/08 18:41:09 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cef3f99fd501a3.job
[2013/11/09 01:49:18 | 000,000,084 | ---- | C] () -- C:\Windows\option.ini
[2013/11/07 02:29:16 | 000,007,760 | ---- | C] () -- C:\Users\Administrator\AppData\Local\recently-used.xbel
[2013/09/21 14:06:54 | 000,046,592 | ---- | C] () -- C:\Windows\System32\HPM1210SMs.dll
[2013/09/21 14:06:44 | 000,284,672 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2013/09/21 14:06:43 | 001,167,360 | ---- | C] () -- C:\Windows\System32\HPM1210SM.exe
[2013/09/21 14:06:43 | 000,167,936 | ---- | C] () -- C:\Windows\System32\HPM1210LM.DLL
[2013/08/10 08:06:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/10 08:06:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/10 08:06:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/10 08:06:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/10 08:06:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/30 21:48:28 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/29 10:09:38 | 000,000,884 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2012/12/10 03:02:58 | 000,202,080 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/11/13 18:00:00 | 000,000,113 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/11/13 17:57:12 | 000,036,939 | ---- | C] () -- C:\Windows\System32\insrepim.exe
[2012/10/07 12:21:11 | 000,007,597 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/05/26 16:56:21 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/05/26 16:56:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/05/24 20:17:23 | 000,000,000 | ---- | C] () -- C:\Windows\syconfig.INI
[2012/05/24 20:15:15 | 000,243,712 | ---- | C] () -- C:\Windows\System32\libunic.dll
[2012/05/24 20:10:20 | 000,000,013 | ---- | C] () -- C:\Windows\OemOut.ini
[2010/10/04 10:01:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 13:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 13:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 10:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/12/22 02:54:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Ultra
[2013/12/30 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMCache
[2010/11/10 14:52:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson
[2013/07/21 02:37:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garena
[2013/12/31 03:05:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GarenaPlus
[2013/12/26 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IDM
[2013/12/09 00:00:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mkvtoolnix
[2013/12/24 18:55:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MPC-HC
[2013/12/28 05:44:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Rainmeter
[2013/12/17 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/08/17 22:57:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2013/12/31 03:09:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9D742B1A
 
< End of report >
 

Extras.txt

 

OTL Extras logfile created on: 12/31/2013 3:10:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.86 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 42.52% Memory free
3.73 Gb Paging File | 2.52 Gb Available in Paging File | 67.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 3.52 Gb Free Space | 1.18% Space Free | Partition Type: NTFS
Drive E: | 32.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: AFMNLSLROPSXX20 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0173B409-67AA-4D1B-BA4D-565949786767}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{01A97EEC-9FBB-4A18-A30E-D02340B97236}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{01C77E57-C285-4321-9B86-1A137525C211}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{01D2B0F1-41EA-4B2E-9572-C99F8C305F3C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{02075B43-6282-4EB9-84AD-F46EE2E5262E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{02294E59-5EA7-4107-8870-6B121ADD3860}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{024F1A33-C027-43F6-9698-4E7C17F0FFE1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{02CF7C48-75DB-48D2-8F01-2FE1106D52A8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{03728E74-D48F-4224-9603-4B2678093CEF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{03EB1BDE-7F4D-4F63-BC30-25E10B43FA82}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{03F0C701-16C8-45C0-9989-CE80B968FA87}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{04FC6C29-5903-4B4C-9A22-859AFCD496F3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{053C850F-3FD6-4D43-AC43-3D00C45E3DE5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{06A69858-C543-48A7-8C51-1689DA7C2241}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0747EE68-E73D-470B-A199-E873A79BD24D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{07E63B35-9ECC-489D-A65A-0609039ACDAB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0810CDD6-AE5E-4B95-B571-8C54F718377B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{084A5113-90D7-49FA-BC66-D620B4A7B3D7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{08BC8ECC-01BB-4D9B-BBFA-262268B8A7DA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{08F9D5D5-9BBD-44AA-9B3E-5C16938E0E21}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{09B7F365-F199-4404-AEA2-E49AA1282F85}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{0A892E5C-AE86-4DDE-A9D7-68DEC6A142BD}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{0B7AD0E8-72C0-40E3-A345-9C1A3F204917}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{0B8C71A1-02F4-4673-A1A9-394C9659946B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0C133268-E06C-44CA-8B1C-8D51BE607373}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0DAC53FB-C48C-4FD9-9B3B-44C9E7BE1438}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{0E419222-793E-4990-A96F-A1FA78E19AE6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0EDD93BE-5EF0-47F9-A513-8C3608FF260E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{0F49779D-898A-4A47-A33E-5538E7ADCA31}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0F92C2DC-EC09-41AF-91A0-F3D9015E04D9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0F93796E-FC1E-4933-95DB-450ADC995559}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0FAFACC7-5E88-4BB3-81DC-DEA177F05F75}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0FDC4E83-1FB3-4BFD-8D22-51433962D12E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{101B3894-4B97-4F74-8E3F-9CC80E68B922}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{10472DD8-B7C0-48EE-9E15-51EAE5B31517}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{10772523-58CA-4BAC-B60E-3CB213426266}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{119CCD3E-E5C1-4D71-BB11-B1B25F76D1E6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{11C82FBC-D1F1-4120-8E65-DECB5B62A669}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{11DFD44E-8F55-401C-9F5F-B3D23A72F2F1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{12072302-9FD3-4B2F-BA56-94DA5F7CA74D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{120F50E6-96D7-49BD-B437-566510772EF9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{12A42228-EDF8-44B7-9042-803F3D8CB5D6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{12C94490-5A80-451E-B8FE-4F8F2FB24189}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{132C8519-A5DB-42B4-AA5A-65EBA29A3B4E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{13C66DF1-56F2-4145-A910-6CA51902265F}" = lport=1317 | protocol=17 | dir=in | app=c:\program files\connectify\connectifynetservices.exe | 
"{147F5FC3-B6D7-42D9-925C-0F262BE1E00B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{15F5F5B8-F49B-43DB-B3E1-76DDDB800C24}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1710B953-BC0E-4888-9620-3C7D767BF115}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{1751DA94-4972-47B6-B2F8-2789A6A5D74B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{17959326-B24F-4333-B0D7-38E26B0C24F9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{17D96839-2D14-4E4C-ABA8-3624542FBBA7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{190F2097-7D95-475A-9192-A32B34C77C6A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{195AA94F-041D-44A9-9E3E-5C378F3F6F57}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1962F6BB-85DF-485E-85F5-F5C94AF92D15}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{19EAA48F-28E6-4C33-8A5A-E2166106A7E1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{19F85D3E-5C75-4DCA-8785-578667CF028B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{1A443F36-A8DC-447A-AF7F-C06CFAD5B7DE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1ABFB55D-A3DB-48DC-BF79-03B3A9B4686F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1AE38079-1E16-44F0-A952-7134AC30345D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{1B162AA7-6075-4950-AAB4-ED10A5C6267E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1B3A1139-E43B-495E-BE21-3B7564AE5008}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1BCD44EC-C902-47AA-8570-A5168A5FA377}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{1D928727-D632-43F5-ADA1-2E500A8BB299}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1DD74844-8F4B-46B9-8476-EB87D558F26B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1DDAF3E4-40BE-4B4B-9C1C-5C5FF015D631}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1EAB48E0-0262-4EC5-AAF1-F83583C76D26}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{205005D1-8877-46BB-9BA5-C88B94BB8DB2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{20DB18BC-67D7-4E51-8B63-2CAD4FCF0878}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{22BA98CC-1565-4501-BE3A-E7EDC77542CC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{24031656-A49D-4EAF-ADED-6119B227C0FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24E951E0-8BC8-465B-8A81-086E73F48FA1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2560C1B6-2B06-408A-A8A7-8728100A2E7A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{266D7280-0567-48BA-833A-7790B2EBF68E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{26BF17F3-F1E6-411F-AFCC-3CC87FBCE663}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{26CC46A5-D559-4C88-8A5E-6A5F7C16316F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{26DB935A-4A45-4F11-A708-B92D1F18F6A0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{28523065-FF38-4079-A76E-C3A29D1967EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{299B070A-B173-4130-8648-4395859B46F8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{2A3200E0-5C7F-4C8F-924E-FCB4DE8DFF05}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2AF02ECA-4022-4DBD-A0F5-15AC17DD9454}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2B683911-F3AA-49B4-992D-3038C3327F64}" = lport=68 | protocol=17 | dir=in | app=c:\program files\connectify\connectifynetservices.exe | 
"{2CA86210-9666-4E8A-8626-29373645E0E9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2F691441-CD82-4C04-817F-A36AED0FC3B0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{30900822-2508-4EA8-9220-8D33315E3311}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{311AA2B1-C76D-4BBE-842A-25DCB501D121}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3128235C-0E41-4C9B-A545-7B4549E9FB21}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | 
"{324F64CA-9168-4092-B3E3-50223CE6AC75}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{32CB7B85-551C-4848-9BF0-18E99CE3D1FF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{32D6BAFC-1DD5-490E-99D6-FB7AA6319D14}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{33D69803-23A3-4CEE-A817-5EE47A611CC3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{33E27ABC-7450-435A-ABDA-22C73A1469B8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{33E7FDF6-8F22-46FC-BF7E-01367A0A23BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{33FA538F-8C90-4F79-979A-8210BB3FA8E2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{343C1DD9-CBEF-4A96-A1D1-C28A78F74D94}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{34D66704-7DD1-43FB-BE68-512202423D4E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{34DEBCBA-5B99-476E-80E0-DE8316294E05}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3610F106-8D3E-430A-879C-791F51BF97A8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{361A38F7-7AEE-471C-B239-07F4FDA33EAA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{365FAC77-84C7-45AD-83D0-7E56AD7399DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{37D9ACD2-A9C8-4369-90D9-5F88BEEB1C45}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{38E5317A-3742-432C-82D0-713505789F88}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{390112CE-A4A8-4924-B51C-1167C40D6152}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{394A9AA2-A81E-4632-9611-9BE5FBD5A849}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{39B92FB2-8B48-46AA-9087-7637DCF607A2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39E4D9DB-0162-4FC9-82FE-BAF4FC08F515}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3B302EE0-5B3C-4834-9F1B-B2ADE9D14DB8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3B5AC7D8-AE96-4DA0-93D3-7C3FCC6A6787}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3B8018BC-0DF2-4131-AC49-328064D57881}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3BF57C70-5061-479B-8A0D-BC6304ECC8B2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{3C6A4FDA-6DAF-45A0-9127-3C59CC364B12}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3DD1497F-350A-4922-AC68-134D6A1F452B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{3E4883B5-BEB1-409F-8375-1DD5C9C96B2F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3FBD063B-419B-490A-93DD-53248489F027}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{41EE4D81-BB31-459C-B486-03BD967D3E69}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{42A2246F-91B1-4FA3-AB06-D43F1CEAD581}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{438B4EE6-0756-489F-B796-FFD29DC2E974}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{44C40A3F-A175-4C83-93D5-31255E9064C3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{45409A6C-89F0-47C1-B589-4FECB719F14C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{461E1F9E-F382-4463-830A-1FC3AB3C5716}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{48BDFB7D-3A11-411E-B326-6ECFD9D32709}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{49033634-83B5-4BF3-9B1F-1EADB4377026}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{49528235-27A1-4838-9CC9-BEB66F055080}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{49AABEC8-5B5D-4DA8-9026-448D1546CB0D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{49D9870E-BD98-41A2-88E6-5D740E00082C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{4AACC1F6-5423-4F85-A2D9-ACD91F00CC23}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4B050F43-B45C-46A5-9D2E-3826BB4BDB19}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B3CE2CE-8DBE-4379-B68E-55D043115B5D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4CEA4B74-464C-43A7-9656-E6A428BAEE08}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4DC5985A-B925-4DB7-8D1C-65D56FDB5AA0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4EB51FC6-EB18-4ED7-8427-A13A7EA347A6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4EE96DFE-0A1C-4C3C-9B3D-3C84C3A545BA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4FCCA625-2F81-4B74-981C-A11BB42564CA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{51630D1A-2127-4A15-A358-ACC263F5695E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{51B9334D-A126-466A-B281-787517E8B0AD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{549B1F2E-EA7D-4985-BF5F-7EE9F030C4D4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{54EA182E-D516-4550-9C94-CDCF48423EEE}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{5545C1C4-EC91-41A1-B10C-3BA2536CFEB5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{5550C57F-2006-4E8E-8D62-E75DC779E142}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{55805CAE-C896-403C-8E71-909A6C96B287}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{56745E8A-0DD8-4A21-8AE6-8A568BE3E6FD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{574D6BD4-D15F-4F29-B13A-26111782E6BE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{577963EE-657E-44D5-82B9-04417ED60503}" = lport=1303 | protocol=17 | dir=in | app=c:\program files\connectify\connectifynetservices.exe | 
"{578E2CBC-CE5F-4D15-8E08-AF642ECA3D2C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{584EC797-9021-460B-84B7-0235EA59D691}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{587BDC4C-6FD4-42BF-8995-6621553D14D3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{59396211-DBDC-4CEE-8F39-D1B5D1898441}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{597AB8F5-C333-4372-B22F-8241E4CBC9C8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5A2D00CB-5D2C-416C-BC02-B5269C3D2E0A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5A8D19CC-CB69-424B-B2A3-212611D07D8E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5BB7DCC3-BCCB-4264-8A93-F28FE300690B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{5C13D7DC-CE31-4BB9-8132-CB55FF2DDF9A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{5EBAFF8F-A2BC-4C02-B163-C686D0646BAC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5F4AFFE9-B9B9-4544-B235-10249AF516D1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{60A08330-5148-4073-8094-C291C0B12502}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{60AEEE43-0EF8-49A6-A975-D9CE89FF16EF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{62260C47-8F05-40A6-A4A4-A655267E13D1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{627E06E6-1975-491D-B176-907DF46A789D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{63D6A3CD-79B4-4AD3-8548-34D7AE345256}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6467C5B0-B6CE-46E3-8A65-8D680A0C7216}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{64AF3AE2-A7D7-4330-9E1F-6E57B9556266}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{65AD3EC6-A262-45AE-BFEC-5031EC8D4701}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6791DEA6-1611-4150-B009-C5125BE01EAC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{67DC91F9-B339-4BE2-92AD-E9447A6AEFC4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{67F0C9B5-3646-4706-8BF0-D7B401EF06C9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{67FBD1E5-F819-4CA2-8E7F-B6967C0EA173}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68F54EC9-CDD3-4E6D-B5B8-EAD7899D4AAD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{69D125D6-1F66-4E04-9942-D561C6D710C4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{69E20048-2536-4F27-82BC-668AED49D9F7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6AEDC011-F9DA-47C6-BBF2-47382B18A2F2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6BBE291A-BD0D-485B-8FB8-CC8634CF597E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6DF4851F-476E-4BC7-A667-0960688C9E68}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6F5F25FA-6F9B-4E11-A7B3-9EFD2E8A9727}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6F7A813E-3964-40D5-BFDF-B58B64912C04}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{70A99603-725E-4108-9557-5B4B05F8154D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{70DCB726-56D1-4F8A-BFAC-0D518CA8D9A8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{715DE8F2-FA37-4E86-BF4D-AF16D922B90E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{736E874F-40F1-4838-8698-20BD8A050A7E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{73AF2DF0-209D-4B39-A9CE-2087ECAE41A5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{73F32BDE-13A9-4EB0-87D6-825F83F6C9E7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{76015735-18AF-42A1-A5D5-A0342FEC8B28}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{764874F8-451A-4041-8F8E-3116A8160711}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{764A9118-0B19-4020-9B0A-458029D96E58}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{76C49BD0-E9D5-4E0C-AE26-E22C93B89D0F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{777689EE-6C0B-497E-96A2-DABCA322F2D8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{7813F2DA-A6D0-4430-8FCD-BDF792C49EEA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7830D9D5-36BA-4C26-B496-06F3F9134C68}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{797246AC-77FD-42C6-A7A9-1F3E3D627E30}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{79CB7C42-917B-49E2-8FD2-CD7DD2AD5886}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{79D237DE-E8E7-46E2-BCD2-EF55310F70B3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7AF55974-BEDA-4452-90CE-4DF087E7B6FF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7B5D2C88-EF37-4C69-9B59-D9CE4F833B63}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7D92E255-320E-497A-A022-D47F044D78CD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7DF5510F-D6E1-4570-A0F6-F5737D358F5E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{808B1AA8-8CE9-4C1B-BC2F-5411835B43B8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{80978CEC-9A17-49CB-BF8D-DE9862C999C4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8134CE2E-8615-4EDE-B50D-3F17F4BE6F81}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{81C751B2-5E20-4FFA-BE92-B18CDD8DAB66}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{81E10CDB-5027-4867-9CD6-400849AA118E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{822DC30B-83AB-446B-8B1E-414F305488DF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{824ED760-6116-4089-B8E5-E81D33BF8D24}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{826C653C-5FFF-4E91-ACFE-F8F4BB7953E5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{82C47420-978C-412B-84E7-6A73C45F84B5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{8395A20B-4624-4216-815C-12A82CF29E9A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{83FAC94C-ECB3-4E74-B11C-A49091DEDD47}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{84D34152-75E8-4F03-BE19-96EAC0364599}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{85639D94-4273-4248-A9DB-F17B19C04271}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8591248F-12F1-4892-B143-0CA91AB14CBE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{85C19181-3DE7-4074-88CB-6AB39DC1082E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{865E8341-BAE4-4A80-8799-DF4C9B4C1D41}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8776C882-3710-4AF2-A170-BF9B9E5B2EC0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{879DFEBD-F6F1-411D-9DE4-1DDBFFC684C1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{87D99353-776E-4027-8C28-A8D5806067C5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{8813AAB5-123A-41CF-8AF0-E622FB9F15EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{88EF34E6-1C85-40E0-A17D-5D2577A144C8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{890E4A18-68E0-4FF4-B30C-74D95CB3A056}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8A2D9B27-AB1E-4097-85FA-3F6AD8C68DE8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8A4BB6D5-5799-4723-9AD1-D7DC315171CD}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8A50C739-51A9-48E8-A80A-FE5A89670415}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8A82867C-48B8-44B1-A015-82DB6AE3BC3C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8AD18F09-BD82-4D75-A00A-A89C849BEA0D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8AEABF58-7285-4EAA-8A81-1D53BDBD1504}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{8D2635E1-1499-4335-90AD-1180DA3C3B30}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8E38B77B-67F9-4947-B709-9BC5AFCE5FED}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8FE0265B-F02C-45CD-8585-D21CDE3E75FD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8FF03619-08DA-4506-9391-95BBF2611526}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{905F7E0C-37EE-48CD-AEF0-5AD0F0AD6AA2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{912D7A90-62C4-42D1-A41F-CB3D2D969112}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9385E1CC-2B24-46B6-BA70-EF16A96187A5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{938F8F16-91B1-4EED-A685-6AC40883CE74}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{9558AA5D-46EB-4137-82AC-303D8249E3F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{956828EB-82FB-42E6-A63A-92E7726F772D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{96D1A032-7127-4171-9C97-3A9B47B34228}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{96DD4782-7105-4A2C-B532-34979FDB7CA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9769C8E2-1DB1-46A1-8EBB-0562836165DB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{9869C5E9-BD6A-478A-8C77-55097072C3FB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9A134DA9-812F-4075-BC8A-C32507B913C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A15BAD3-E887-4566-8464-8BFC534DAABE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9ACD4DFE-C97A-4D18-9303-08727799697D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9ADF755C-A069-46B3-91B1-4ED7185F7170}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9AE411AD-50D6-4198-B0CF-29865DE5FF68}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9B424388-322A-4FDD-940F-042BBCECB292}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9BC77D37-7E26-40B8-B1AA-1E8E22DDD750}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9BCC0916-E0E0-4E40-9F34-4241E1408FDE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9C54754F-D376-471A-B27A-33624968238F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{9C573F03-6E78-43E8-817A-DAADA8285DF2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9D671E8F-BFEE-439D-90F7-209BE89ABD15}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{9EBDC97C-9819-4015-8158-1DF7B83E21A6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9EE1CC89-A3F0-44CE-BF4C-CDDC50410718}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9EE4B71C-793B-4923-9619-8CBD3953D26C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9EF1E3E2-065D-4D5F-AA88-DE089CEE3A66}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{9F7E328E-6E66-453E-A80B-79CFCC2924C6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9FD9B1F8-87C3-4B8C-A566-E4C2F8777A05}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A0B5F52D-4C20-44E2-AD5C-DA31BD44DA28}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A25E63D0-BBFF-4367-AB3A-A3D138CDA1FB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A27E8050-4ADE-4BBE-BE2E-BCAA611EEC6A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A4397DFE-2E3A-4FA9-8468-79A60D9F69D0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A450528B-D4D0-44AD-BE14-44407AE54F0B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A47E070C-5EB5-4F47-939B-C633778F0896}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A4B9DF84-BE11-4160-96EF-9C87EBABCBE7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A4D04FF3-9038-43A7-9786-031EEE505FDD}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{A549CCCA-2D30-406E-982D-1D5B7FBC7156}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A575EF02-B8D5-4164-91B5-B899383A2F28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A61D20E5-34D5-4CEC-8940-049363C7E1B1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A6AA60C9-C10E-4BAA-AD59-11C4D7F90C5E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A70503E3-8E3C-423C-B545-5C4A1DBF3F4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7326D35-8723-4C98-9D23-262560916AA7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A84C1CF0-4E37-48A8-A6A5-BCD23C14D7FB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A89301FB-CFFE-4854-8A4A-9DD987C7E392}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A8D8DD6F-64A5-486F-8F7D-CB4C395A1C8A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A9070419-DF72-4E88-8370-C72E04214252}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A9538F24-D88A-4140-915C-9D26A825E3B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A979E413-5818-4FD5-88A5-BA0337A6545D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AA60BEDC-0A1C-4C72-8630-F245278B8886}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AAB0F1EF-2126-4222-A9F2-F8ACF03BF073}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AAD161D1-1743-447C-9A8C-5E243F9E9916}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ABC38545-83B1-4B90-9D07-57076C0C6DBC}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ACDDB4CA-FB73-4A62-A663-316A1F5391CF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AD061D10-4809-40B3-BBA3-5C4CFC1007ED}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{AEB43045-6742-41D1-AD15-CB239CED6688}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{AF632E83-F0BE-4774-BE6C-438A06558F62}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AFBF6817-E181-4A05-B554-F37762DB5146}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{AFF91CEC-7F44-4DD3-A030-0CC8F1A2EF18}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B0A11E3E-332C-40A8-A743-21566F715601}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{B21FEBB7-663C-460B-B27B-EDB18B8E1EAE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B29D8F29-692A-41E0-BB77-37598A2593D4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B2B3B487-B3ED-4F88-9EF3-E7034FEA292F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{B2C12581-4E84-440F-9A21-7440C22F11E0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B32A30D6-2421-433B-923A-88D5E8F94728}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B3E4B956-900C-4379-86E6-CBE91DE7A769}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B3FF3B13-1F5F-4846-8086-DD86A11B41A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B465238B-76F1-4261-B41F-4157D7918FD6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B4788EB8-2315-47E0-BC27-C39C44398944}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B50945A8-724E-4768-8A77-0334486B292F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B5475EB9-9FCB-4ECD-9B91-289319AA9488}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B595236D-1E39-4396-B4E3-F6D60DC79388}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B6CB085A-B01A-4C6F-9D36-0D6D16F9EE56}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B74F5BD7-4C62-4D55-8A03-708C809A92C2}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B86D5E0B-D9D6-47AC-8709-32FBB428B014}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B8B353E6-3DA7-498D-838A-9E74E615B1DE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B8FE71DC-9E3F-4BAC-9F34-3046027C1199}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B942B85E-D1F9-4A5B-A76E-93E4A4F31A47}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B967E7D3-4620-4419-88ED-1420F3E72356}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B98AA951-6507-42C2-9FDD-5DC93DF4BB98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B9F07ED1-C5D3-49B4-9B49-31BDD3C0C70D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{BBAAAA44-F263-432E-9F58-C5AD65C1A54F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{BBB8C7A7-4FDC-47E0-AEB6-E3FA4F16F2B0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{BC0A26ED-76FD-4DFF-9911-81072408DBAA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BE03CB37-40DE-43C0-A45A-D236A3637E33}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BF5A6910-8D0C-4109-9852-BF23D3C72DF3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BFAA6B2E-0FFC-4EF5-9D16-E7D14D6420ED}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C001ADCC-B7D7-49DA-8404-3DBE37C3DF7A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C2499518-7ABF-487E-962E-6C208E21FE5F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C2D0562C-E0E9-43BE-A9E5-C7F267E6356D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C2D20CDA-CE50-4FEB-B67F-0A50F44BCDA3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C4114D2C-2327-41D5-A8E4-9C88ACD48D64}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C442FC60-21CF-4C18-BAC3-77EE5708EAE5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C602707A-B408-4B23-9261-C3319396690C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C636F697-945A-4CBE-A1F6-833EE4047FDC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{C6FAB303-7F4A-4074-AA74-A6963A06FB42}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{C70914D9-1494-4206-9697-24CA974978A3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C7FB5918-170D-4C82-978F-D1269918C672}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C9050FFE-5151-44E3-9C67-6E57F28BD76E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C9615A8C-97DA-4FA1-B459-27002F1DAAE8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C9C21D5E-8EE8-45D9-B91A-16A9D75D8AD8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CA48B7F4-11B9-4DA9-8EA8-34C30EB5CF43}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{CA521D49-0B81-4F7C-865F-4DCDD84F773C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CA900CA4-5316-4EE0-BCB6-243207919B78}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CB693859-2720-45F3-BE44-6593F66944D0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CC9E3459-FEBF-4931-B832-C2A7884DB566}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CDFFF07E-309B-4B43-B355-363B244EE5F1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CEDEAC83-6C7A-41ED-8B72-54599E1F1B6C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D276DDF5-3336-426E-B4A1-CEAADE317009}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{D30EC640-D22A-44F9-9B52-55398DD7FDC1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D42C2BC5-34AE-422F-937E-DF9AEC0BB547}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D451CF71-74AD-401C-88CB-53B6D897CC40}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D50585B3-847D-4A80-97C1-C2B1368C61E7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D5CD49E2-6D29-451D-BDAC-391A616EFF51}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D5CE4868-90BC-4ACA-A41F-DF1CBFF0F294}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D6DB4AF3-5379-40F4-A7DC-4475F748D0DD}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D768A78D-C79C-4B21-AC3F-4A60E0C7EAED}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D8C4B54D-5F71-46C9-BC40-A00B00AC0C4F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D91E6A32-BBD7-494C-B722-2437E8A06D82}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D99FBD02-CEA2-4EC9-9AF0-7F9CAD386B7E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D9B6EDC7-958E-4297-AF51-60DA95144A59}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D9D7F323-71C9-46DE-A664-4AD645CDA2FE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DB4E679A-AE38-4583-8946-A07E3184879F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DBCE82E6-EA94-46A2-A204-73694C97ED2F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DC87C054-FAB6-48B9-8AAF-9E7ED6DCFCDF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{DD4DA07C-84BE-4100-98AA-514828C5D13D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DD82E22F-7381-4836-A36B-5F67425E47E7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{DDE4D9CA-A4EF-4699-BE2C-C69332F0664A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DE9E79F1-B70F-46AC-A07A-2A123726EA6D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DF19213E-ECA3-4760-84D4-28897EE00A8F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DF964B3B-E004-4F21-BBED-04B5D1435FB9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DFE1D4C5-35B6-424F-B0FE-5FAC07069166}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{E03E98E4-338D-4A74-A315-8B6C3A9F228F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E126DCBD-09A4-4BD0-9500-F8DB23C461E7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{E14C2666-2274-4029-AFEB-AEBE41EC6445}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{E19423BD-DE23-4C39-B1D4-D43140639812}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E20CC3BB-FC1A-4990-AFA9-A2E645B5BD65}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E291E5A4-131D-48F5-91F2-DB2BE14B2B86}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E2ED46AF-1522-4D19-8229-E81A08093A22}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E3C94D7A-ADD0-4C2C-8689-C28EBE908851}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E3EAB60B-E753-4CA3-AE75-D2DDADCE176E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E51A2F16-5327-43D5-98A5-0D77CCC911E5}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | 
"{E528A9FC-7101-4CBF-981B-91614E57612F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{E5957FE8-E74E-4D0A-B70D-6960B799353F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E8098363-F72A-47F3-854A-467CB0298A28}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E8445D50-C168-42DB-BB6F-FF42DA6F1FE0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E8A34D3B-2E32-4CB9-8B7B-1035738F6684}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

post too long

 

"{69813C06-9798-40F7-998C-9A566FD54F26}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{69DA03DC-99DC-45BD-A0BC-AA1DB75814EE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6A1FFFBE-4993-4F50-B1B3-D4F4556A66DE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6A29A9FE-E97F-4E80-B5D8-A7ACB7ABB3F8}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"{6AD0A8CD-2094-46B4-9DE6-598B3C63E9B2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6AEEE273-5006-4649-AED8-79A045EF0A8E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6BD1B12A-2C49-4C7A-8AA5-4EFA9537FFD8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6D9200BB-AD0B-4ABA-A36C-71A269187AD0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6DD8AC11-D2BD-4F15-98C3-92419D9D2198}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6DF4037A-7AED-44AC-A74E-D4B4CCCF0326}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6E30834D-BF62-4A92-BB3A-F7AEE7D42EAE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6E9F166C-006D-4B4B-9314-610EE1C71F34}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6F412651-0054-4CDA-A19A-6B262479052E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7014CC7D-4A31-4867-806B-3771E09A42FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{70F8C4E2-F52A-41B0-AAAD-84F189DA3C6C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7191E40E-8AB9-4BF8-AD1D-E8AA59982D40}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{71EAB536-5D25-4178-BDB3-8B594CFF07B7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{72654068-2236-477D-BEC1-C1B8D553AA2F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7282B175-5A4F-431B-9804-335D07189C70}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{72CABFF9-1349-4F3E-81D1-E93F9AE91A9B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{72DA3072-6537-437D-8DAA-0F6801D91CA2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{72FE0B35-F094-4579-AAC6-0F67D9CDBFB5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{733CFB8E-3A5D-4B6A-8A2D-553E6E52BAC0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{733D1098-B906-4338-ABF2-0AA31E000875}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7367C852-24BF-4E76-9F1B-A2AD6E7F707E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{73CA2AE0-A45C-4DE5-8784-68535BB91C4D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{743D9759-2711-409C-AF85-1E66F1F6EC76}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{748A0DB8-A908-4063-A60E-F94288914E99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{74A0512D-604D-4B21-AB01-93D2F8D5E707}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{75D48CDC-384A-48B7-B0DB-23E3E1324D59}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{75E1EE3E-7BFE-4ED4-B169-549845DFBA51}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{76A6E4D3-0BD4-485F-A503-D525BDD1AD79}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{78061B2E-2E89-40E6-841A-1CFC5BC2532B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7813E71F-2245-409C-BF51-FED8BF70B5C5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{784F2057-E6C6-4798-B202-66F1192718F8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{791FFA23-9C44-409D-BA6E-EEF93D5E45C1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{79400961-0CBF-4FCE-89EC-C9C89E07A6BB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7A22E6A4-105D-4EDD-9B35-3D175C76D81E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7A53768D-5CD2-4AC4-A5C3-22B42C375F34}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7AEB30CB-6360-43C9-8530-32AA89FDD966}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7B9180FE-3648-4508-B87B-D6FB7C8BCACE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7BFB9E3A-9B48-4E26-A9BF-44E6B76B297C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7C241AF0-0C59-4967-AB26-CF8F72443CC0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7CE7E004-DFAA-41DB-8196-31200B508851}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7D66E507-D548-4141-8A99-BB9A869280AC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7E746FD9-BA33-4FF3-BDF0-3FE72C6983A7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7E9FE252-F625-4A6E-A1CC-8D4484BAA8BD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7EA4C11E-834E-4F38-9C93-8187FA81BADD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7ED12852-A431-4672-BD0B-4450B074A487}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7EEFE199-F571-445A-9287-6C47BA09C631}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7F273C5C-7D71-4CFC-A460-4FAE8C10233C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7F58E9F8-D15F-4FD9-937D-F28492C6AA33}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{7F718FFA-91C4-49C8-94A7-28FADED14F19}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7FDC6D64-5289-44FE-8609-2A011E2B445D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{80D1F881-6303-4B0F-8A24-5B82B34B0A1A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8190007A-5043-40FA-9850-8A52D59C3C88}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8264E583-FFF8-4F35-AF0C-04E6FF2D047E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{837E3421-2E0F-4373-9031-E8BA295C5D2C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{84AB07E2-D44E-4CE7-AA3B-268EB1C7F624}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{84F1D82A-EC60-4B0E-89A7-AAD12280A45E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{85BC1007-9FC3-42D7-9DE2-988DD8965C2F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{85BF1154-B9CD-482D-A65E-1CFD46256776}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{86990AA0-C40B-4C16-8DBD-1E1C3677C5D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8782024B-3DD0-4280-9B2B-9B88C16F07FE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{87C0A4D2-2686-4CED-8021-11D2350E363C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8822327D-F4C6-402E-B989-35B78069915E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{883CDCBB-0754-491B-9099-5881A2674F98}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{88883D1F-416C-4BE7-8E43-12513CD61FA2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{88ADB090-709E-4F1D-B20E-184D2FF15468}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{88B3C4A4-3C91-48AA-8DA0-A0078C3E3173}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{88C23C18-FC27-432D-BD58-D0CF42C6634E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{89494910-BEDB-425F-A325-B8F16BB65E6F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{89C2EE49-F3D4-4841-BA6E-A8895E856B16}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8A731BDD-9FA0-4580-B188-29954CF89E11}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8A96FF2D-7B33-4639-BE3D-D07C5CD98FE6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8B413CF6-D8A6-4B70-9A45-5C2EC9864C02}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8B49FEF6-8B73-4C2A-BE8A-ECA6485A7A15}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8B981584-89E1-44F7-BFF9-B2C4F695273A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8BF68A30-554B-467F-8D97-78751CAC6FAF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8D32800A-E306-4F53-B162-3EA4A36CDE02}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8D877752-BF87-4740-BB52-40C1E03D023F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8DB527E9-BA1E-4545-9133-C7A2519CF172}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8DD2C787-B1D9-427F-94CD-17EF0517E271}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8DD5C9C5-330D-4FC6-95B9-09193B979461}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8DDEE601-E0C7-42A0-9906-8F527169E0AE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8DF29F16-40B0-4835-A03C-EA2D1809A976}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8E27B4DC-B856-4681-A525-F2A20726E939}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8E292A2E-D8BC-40D7-BA44-8122573DE184}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8EA4A397-9992-4A88-A6AA-6F40E840ABDB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8EA60711-BF47-4010-B04C-E9619D3ACD38}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F3E89CA-523F-470C-8F09-B37AD0EFCF7B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F5C1922-C44A-4CFE-AD98-A61E5ED32FC5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8F65C2BF-F5DA-4ED0-90E6-185177FDC7B4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8F760B7A-3EF6-4BDC-9661-D531C66BD3D3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F8D2248-7C8B-421B-B3EC-822FD419622D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{905DBFEA-1E1F-4B34-8FA0-C0509E10DCE0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{905EA8D9-2C99-4949-AA24-610A97E9A5A2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{911C33A4-C28C-4593-8EA4-B6714974F686}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{91349B93-8271-413A-AE9C-D39373835CDA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{913D1EDF-20AD-4640-9A45-B8314537CF0B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{91914263-13D3-43E8-99E3-F3EBF3D266FA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9202DDDC-132F-4C99-855F-B60525C73DBC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{920EB1A8-13E2-464F-92A4-A03FB57BBF65}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{92D03FFC-B152-4E74-8B8F-B3EB64E26081}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{934915E9-C542-4E9D-A7A0-1589325CDEA6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9380F241-224C-4524-AAC3-7EB96C7EABF5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{93E167A8-9AEF-4CB8-B3B1-9E0B99F5F3F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9464AF61-D4A6-442C-B567-4ADD32CCA73E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{94ADA2C0-BE4C-48F5-A3CF-1630C1F769AA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{94D34F83-433D-4CCE-98D0-DD61C19C1B3D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{94EC0509-02CC-433B-985F-2D0A63831FAC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9505BA64-3E2F-4147-B6F7-A167589CEE6D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{95AB53EA-C288-4083-AAD7-221BAF30196F}" = dir=out | app=c:\windows\system32\svchost.exe | 
"{95C49CF9-E9CE-4097-A55A-DCDA6549B770}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{95E094A6-9A46-4AAF-81BD-06B15B5A9628}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{96B0D3CC-B1F9-47DA-BED6-8820316233AC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{96B2D1C1-4045-4DD3-A414-2D3662E461D3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{96B4E751-B965-411C-84FE-82823BF9ED04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{983D4877-0DF7-4C15-8ED0-FA90B67F3473}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{988A23D9-5360-4E08-9E9F-F913AFC203DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9A7B1B28-1C08-4882-A48E-9FD9994B1634}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9A861C97-EB13-4A4F-8A8B-6A32365FF220}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9ABBF043-AF0B-4CD1-B02F-7C3BDC939EA4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9AE24418-9EC2-41FC-A3F5-35F6587B349F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9B53AA22-1F8D-48D3-A7B6-2B578CC28F08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9B6EF2FA-4590-454D-92C4-15B3AB7E0FE9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9BEAAC79-9AE0-400B-A31D-16595CC48AEE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9C0F92B8-92A7-4D13-A780-2E30A215AE0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9C0FEABD-5EEB-4289-BEFA-9B01B9C0E62F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9C6706E8-FA39-4B73-BC27-2A6AAEE8D706}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9CA5F3DC-3DD7-4167-B6BF-5158F5C06E14}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9CC31776-9603-4A46-AB13-AE9ECC3CE370}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9D81F202-7996-4249-B633-F2227A138494}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9E0D0B89-4DDC-4964-A950-B970063CA9B3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9E5F40A1-CF90-4E2F-8F7E-450EB43B7383}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9EAC3DB0-F33C-4BD5-B9ED-86DCD7F2C635}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9EB06BF2-7E21-41A1-9C82-84329791419F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9F398D77-0905-4624-A753-5D932089D959}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9FA2B091-7941-4332-971D-D8BD45F679E5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9FE3DC63-88BD-44CC-A257-0454579A44AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A05596BF-F5BF-4966-899E-0E337376D7B5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A1178816-E0D1-4F27-9DFD-FCD226924E9B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A13925A5-49C8-46AD-A113-307B225808FD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A1A8199E-D798-48D5-ABFE-46E57FB5E885}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A2E391CB-7A0D-4978-8328-FF259EE3F082}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A322211F-1379-46E1-91EC-77372797D961}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A38D5E81-0EA1-4CF1-AC90-0359F0A6F0A1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{A3C85270-A976-482F-B0F9-A9704484F375}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A3F440D1-BA8D-4CD7-BCBD-84727D75FA46}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A43022E2-5137-4095-A39E-A0D128FDE3B3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A48ED24C-737E-44FE-8B3C-E321033A71DB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A4959BBB-F559-460F-92B1-6F1958B38DF0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A4FC78C1-5033-4204-BDF4-428B1262AD8B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A55ED7D7-24F4-4B82-8E52-42B227204494}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A5843712-51DC-4655-AABC-CE43A8A28BB8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A5C9D7CB-55F4-4317-A3D2-745FA544BF68}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A63537DF-7282-4135-A502-209248A8A9C0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A7F93902-1744-4467-85FF-40B5304423BB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A8506A41-E753-4909-AD89-0954B040818C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A89A2397-7748-4C9D-BF1B-414196DEA85C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A8C09456-1428-47C3-92E6-F651B7B43245}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A93425CE-CB18-447B-9938-D1CDCAF6B974}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A9616B03-BA9B-4099-95C2-6565F90E407B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A9990BF5-3DDF-4F62-9E13-C6CBA7C4D827}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A9EBFAF2-736C-4F68-B646-A943A722139D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AB644473-7ACF-46B0-A493-BF21187C4E98}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AB94F10B-FE3B-4607-8779-5098AA79692D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ABF594E2-506A-40C6-AFA4-8C4E730C12DD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AC0C7450-9F54-4398-B304-3A949365C856}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ADFCA660-E830-4B46-B7B3-9DFAAFC1D702}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AE5F90B8-9293-4FA3-A15C-9AB8429CA9C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AE657AF5-6E95-4B9F-BD38-818823BC470B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AE697135-010F-4957-8692-3B8A077FE009}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AF0CB85E-CC4C-41CC-AC5E-9F37FD95153F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AF698687-47F8-489C-B8E5-8A3D7CDEA2A2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AFAAF330-F27A-4319-8C36-516E3EA86DAF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AFC26423-71F8-48A7-BCD4-3982653379DE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AFDE2084-AF09-412D-A479-E67784789601}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B0246FC7-3CBD-4B09-B6EF-B1870E6539A1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B06EB1F9-2F31-4320-B456-13F627E06B3F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B0EAC287-0E7C-4485-996B-A3864CF5A90E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B174669E-494A-4E1A-A359-CEBB39C5158F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B1DECC51-98A7-47A0-80BE-9BC89FF3B41F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B20485B8-822F-435A-96B6-3EFE9F958488}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B258D2E4-2A30-48F8-937A-543682FC9D0A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B28D69D1-F73A-4DAF-A2C7-51074597BEFB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B3432A85-5413-4058-9F14-F998F089675A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B398DC23-62DB-4395-8347-D3F4C8E766FA}" = protocol=6 | dir=out | app=system | 
"{B432B1E9-4F4B-4C08-B4CC-5C8552AA0188}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B4431E73-8087-405E-87F4-3149B83DA708}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B480AE7C-56DE-44B3-AAB5-8B70C99175DF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B4C487C5-4A3B-49BE-BD3B-19B0701F3255}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B50319C9-BF7A-4D95-8332-63FEF77D06AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B51B3F02-ADE1-409E-8074-CE504A9DF55F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B5888FE1-0146-4B49-9273-F54BA046E983}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B63DA53F-A2E4-47E3-BAB9-1D270A26DA49}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B685F330-7EA4-443C-A52D-1A5F0F174971}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B6ED70A8-8E4E-4484-8C8A-29983D0F1257}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B7139973-4035-4F8C-B7F3-7BB24C9D19EE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B738168D-F947-4F25-A458-30F2CE2766C0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B79570B7-C903-4046-802D-7D0A9149F10F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B822EB3E-6BDF-454C-AA5A-816D722B9EC8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B91E9E87-EAA7-48B4-91E2-580ACC1F11ED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B94ED570-D5DB-4FC6-A9F5-3D9DCEE1E5A4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B9B92938-C0C3-4392-B21C-86FE6AE556DA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B9ED4572-8D0C-4FBC-9B99-0C481982EA98}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BA174189-4199-447D-9F89-7C835DB64363}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BA3FE77C-68EB-4DA0-B131-56E120C84C2B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BBFB88C1-86E3-436E-BB1A-B14DE549863D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BC84781E-68DE-4F16-9616-990CF7251AC0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BCC39A1F-1E3D-4EC1-A349-2FB1DE8C258C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BCCA94DA-0289-45CF-B442-13AA48913829}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BCD6DF26-E7FB-437C-B4F1-5FF12ED13437}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BD094DD7-F2D6-44B5-A402-D4CFDEF21237}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BD291778-CFA7-4CFF-9EEB-B9655BFAE629}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BDFF06B5-E3B5-4ABA-9270-827F548A336C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BE2A0E7C-C299-4E8F-A276-65161603D7D0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BE46B037-A288-4F67-B31F-F40887A94C56}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BE8CEA1F-3622-4C6B-BEA4-C353A86C6F98}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF2D12E5-2EF8-4BBD-9022-DAD62C621EB9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF4877AC-37D7-40FA-959B-2BDCC89622DC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF613F96-9106-4BDB-BFD0-002668FCB5D8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BFF7DEE0-B2B9-43BF-B4B8-C1F775972132}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C054BB57-F63A-4F87-9CF2-0BF086CE6F56}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C05BCE50-25F3-4A36-A280-DE1A4D571027}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C07667EA-0556-4B95-AA9E-E524A8AA9AE8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C08468AB-36E3-4B6C-AC0E-A9F2E164770C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C0A680AC-7686-412F-99D3-0A8F62EA452C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C210405A-0C2E-461A-B8F8-4650D976255C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C24FDBD1-009B-4D92-92FE-59586E7DEA9F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}" = Google Talk Plugin
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6DCA86D6-F197-41B7-BD33-43E32A15A41E}" = ESET NOD32 Antivirus
"{84374A47-1DF5-4013-90D4-1288819869B1}" = Microsoft Mouse and Keyboard Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.0.1.9
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-11-27
"Connectify" = Connectify
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"Defraggler" = Defraggler
"DMX5_is1" = DriverMax 7
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Globe Tattoo Broadband" = Globe Tattoo Broadband
"Google Chrome" = Google Chrome
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Pokemon Showdown" = Pokemon Showdown
"Rainmeter" = Rainmeter
"TeamViewer 8" = TeamViewer 8
"Unlocker" = Unlocker 1.9.2
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/29/2013 3:36:01 AM | Computer Name = AFMNLSLROPSXX20 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\innovative
 solutions\drivermax\DPInst\amd64\dpinst.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 12/29/2013 3:36:01 AM | Computer Name = AFMNLSLROPSXX20 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\innovative
 solutions\drivermax\DPInst\ia64\dpinst.exe".  Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 12/29/2013 10:25:06 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, 
time stamp: 0x4d6727a7  Faulting module name: ntdll.dll, version: 6.1.7601.18247, 
time stamp: 0x521ea91c  Exception code: 0xc0000374  Fault offset: 0x000c3873  Faulting
 process id: 0xd08  Faulting application start time: 0x01cf045da6be6b74  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 02ea1fe2-7095-11e3-b721-001e101f36d9
 
Error - 12/29/2013 10:29:39 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, 
time stamp: 0x4d6727a7  Faulting module name: btwapi.dll, version: 6.2.1.800, time
 stamp: 0x4ac6929e  Exception code: 0xc0000005  Fault offset: 0x0004df41  Faulting process
 id: 0x1aa4  Faulting application start time: 0x01cf04a1d9381a0d  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Program Files\ThinkPad\Bluetooth
 Software\btwapi.dll  Report Id: a5a21a23-7095-11e3-b721-001e101f36d9
 
Error - 12/30/2013 4:19:23 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, 
time stamp: 0x4d6727a7  Faulting module name: ntdll.dll, version: 6.1.7601.18247, 
time stamp: 0x521ea91c  Exception code: 0xc0000374  Fault offset: 0x000c3873  Faulting
 process id: 0x1b98  Faulting application start time: 0x01cf04a26bdf99b6  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 1664e52e-712b-11e3-b721-001e101f36d9
 
Error - 12/30/2013 4:22:22 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, 
time stamp: 0x4d6727a7  Faulting module name: ntdll.dll, version: 6.1.7601.18247, 
time stamp: 0x521ea91c  Exception code: 0xc0000374  Fault offset: 0x000c3873  Faulting
 process id: 0x105c  Faulting application start time: 0x01cf0537ddf74b5f  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 80f0a010-712b-11e3-b721-001e101f36d9
 
Error - 12/30/2013 6:15:25 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000
Description = Faulting application name: IDMan.exe, version: 6.15.8.3, time stamp:
 0x515ebba9  Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp:
 0x4ce7b96f  Exception code: 0xc0000096  Fault offset: 0x00048665  Faulting process id:
 0x1c50  Faulting application start time: 0x01cf0547e1eaea51  Faulting application path:
 C:\Program Files\Internet Download Manager\IDMan.exe  Faulting module path: C:\Windows\system32\ole32.dll
Report
 Id: 4c10246c-713b-11e3-b721-001e101f36d9
 
Error - 12/30/2013 6:15:26 AM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1005
Description = Windows cannot access the file  for one of the following reasons:  there
 is a problem with the network connection, the disk that the file is stored on, 
or the storage  drivers installed on this computer; or the disk is missing.  Windows
 closed the program Internet Download Manager (IDM) because of this error.    Program:
 Internet Download Manager (IDM)  File:     The error value is listed in the Additional
 Data section.  User Action  1. Open the file again.  This situation might be a temporary
 problem that corrects itself when the program runs again.  2.  If the file still cannot
 be accessed and   - It is on the network,  your network administrator should verify 
that there is not a problem with the network and that the server can be contacted.
-
 It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
 disk is fully inserted into the computer.  3. Check and repair the file system by
 running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
 OK. At the command prompt, type CHKDSK /F, and then press ENTER.  4. If the problem
 persists, restore the file from a backup copy.  5. Determine whether other files 
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
 disk, contact your administrator or computer hardware vendor for  further assistance.
 
Additional
 Data  Error value: 00000000  Disk type: 0
 
Error - 12/30/2013 2:01:15 PM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000
Description = Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp:
 0x4b9138e6  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
 0x50b83b16  Exception code: 0xe06d7363  Fault offset: 0x0000812f  Faulting process id:
 0x940  Faulting application start time: 0x01cf05891a87ef9f  Faulting application path:
 C:\Program Files\Intel\WiFi\bin\EvtEng.exe  Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
 Id: 5f8112b7-717c-11e3-935c-c80aa993c49f
 
Error - 12/30/2013 2:01:15 PM | Computer Name = AFMNLSLROPSXX20 | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc89a  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
 stamp: 0x4eeaf722  Exception code: 0x40000015  Fault offset: 0x0005620a  Faulting process
 id: 0x56c  Faulting application start time: 0x01cf0589178b972c  Faulting application
 path: C:\Windows\system32\WLANExt.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
Report
 Id: 5fbc951d-717c-11e3-935c-c80aa993c49f
 
[ System Events ]
Error - 12/30/2013 8:48:01 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 31004
Description = 
 
Error - 12/30/2013 8:55:51 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 31004
Description = 
 
Error - 12/30/2013 9:02:00 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 31004
Description = 
 
Error - 12/30/2013 9:03:27 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 31004
Description = 
 
Error - 12/30/2013 9:07:10 AM | Computer Name = AFMNLSLROPSXX20 | Source = ipnathlp | ID = 31004
Description = 
 
Error - 12/30/2013 10:04:09 AM | Computer Name = AFMNLSLROPSXX20 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll
 
 
Error - 12/30/2013 2:00:59 PM | Computer Name = AFMNLSLROPSXX20 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Globe
 Tattoo Broadband. OUC service to connect.
 
Error - 12/30/2013 2:00:59 PM | Computer Name = AFMNLSLROPSXX20 | Source = Service Control Manager | ID = 7000
Description = The Globe Tattoo Broadband. OUC service failed to start due to the
 following error:   %%1053
 
Error - 12/30/2013 2:01:02 PM | Computer Name = AFMNLSLROPSXX20 | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
 key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error - 12/30/2013 2:01:26 PM | Computer Name = AFMNLSLROPSXX20 | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Event Log service terminated unexpectedly.
  It has done this 1 time(s).
 
 
< End of report >
 

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    [2012/05/24 22:29:21 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
    [2013/12/31 03:09:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\blekkotb.xml moved successfully.
C:\Users\Administrator\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 12108995 bytes
->Temporary Internet Files folder emptied: 119835728 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16108899 bytes
->Google Chrome cache emptied: 260386194 bytes
->Flash cache emptied: 58079 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22794 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 390.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01012014_044123

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hello. Sorry for the delay on the reply. School is back sooo.
Btw, it did not generate an Extras.txt, so I'll only be posting OTL.txt:

 

OTL logfile created on: 1/5/2014 11:42:14 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.86 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 59.41% Memory free
3.61 Gb Paging File | 2.28 Gb Available in Paging File | 63.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 4.14 Gb Free Space | 1.39% Space Free | Partition Type: NTFS
Drive E: | 32.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: AFMNLSLROPSXX20 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/31 03:07:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/12/22 06:45:14 | 000,515,072 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
PRC - [2013/10/30 05:45:00 | 000,036,024 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2013/09/12 13:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 13:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/07/10 20:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files\Garena Plus\ggdllhost.exe
PRC - [2013/05/10 16:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 11:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 11:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/12 14:59:15 | 000,657,504 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
PRC - [2011/09/30 03:10:18 | 000,277,832 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe
PRC - [2011/09/30 03:10:08 | 000,069,632 | ---- | M] () -- C:\Program Files\Connectify\ConnectifyService.exe
PRC - [2011/03/15 00:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DataCardService\HWDeviceService.exe
PRC - [2011/03/15 00:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/12 19:25:00 | 000,075,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/04/20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/04/20 14:23:28 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010/04/20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/04/07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/03/18 13:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/06 01:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/12/21 19:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/11/24 14:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/11 18:33:10 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/10/02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/09/09 06:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/22 06:45:14 | 000,515,072 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
MOD - [2013/10/30 05:45:00 | 000,036,024 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
MOD - [2013/10/30 05:44:58 | 000,678,584 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
MOD - [2013/10/30 05:38:52 | 000,009,216 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll
MOD - [2013/10/30 05:38:32 | 000,013,824 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\SysInfo.dll
MOD - [2013/08/23 18:10:18 | 000,553,776 | ---- | M] () -- C:\Program Files\Garena Plus\ggspawn.dll
MOD - [2013/07/10 20:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files\Garena Plus\ggdllhost.exe
MOD - [2012/12/04 22:15:17 | 000,247,808 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ToolBarMgrPlugin.dll
MOD - [2012/11/30 22:30:47 | 000,256,512 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoRecordUIPlugin.dll
MOD - [2012/11/30 22:30:13 | 000,333,824 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\MenuMgrPlugin.dll
MOD - [2012/11/30 22:30:02 | 000,270,848 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\XFramePlugin.dll
MOD - [2012/11/30 22:29:57 | 000,331,776 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\StatusBarMgrPlugin.dll
MOD - [2012/11/30 22:29:36 | 000,595,968 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\core.dll
MOD - [2012/11/30 13:50:37 | 000,580,096 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceMgrUIPlugin.dll
MOD - [2012/11/30 13:50:09 | 000,854,528 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SMSUIPlugin.dll
MOD - [2012/11/23 15:14:49 | 000,119,296 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ConnectMgrUIPlugin.dll
MOD - [2012/11/23 15:14:40 | 000,416,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallLogUIPlugin.dll
MOD - [2012/11/23 15:14:29 | 000,715,776 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallUIPlugin.dll
MOD - [2012/11/23 15:14:22 | 000,493,568 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoUIExPlugin.dll
MOD - [2012/11/23 15:14:16 | 000,302,592 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DiagnosisPlugin.dll
MOD - [2012/11/23 15:14:07 | 000,391,168 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetConnectPlugin.dll
MOD - [2012/11/23 15:14:02 | 000,117,248 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\LayoutPlugin.dll
MOD - [2012/11/23 15:13:52 | 000,818,688 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookUIPlugin.dll
MOD - [2012/11/23 15:13:49 | 000,569,344 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallLogSrvPlugin.dll
MOD - [2012/11/23 15:13:47 | 000,702,464 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetInfoSrvPlugin.dll
MOD - [2012/11/23 15:13:47 | 000,177,152 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallSrvPlugin.dll
MOD - [2012/11/23 15:13:45 | 000,730,624 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceAppPlugin.dll
MOD - [2012/11/23 15:13:44 | 000,097,792 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NotifyServicePlugin.dll
MOD - [2012/11/23 15:13:42 | 000,729,088 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DeviceSrvPlugin.dll
MOD - [2012/11/23 15:13:40 | 000,704,000 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SmsAppPlugin.dll
MOD - [2012/11/23 15:13:39 | 000,219,648 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\SmsSrvPlugin.dll
MOD - [2012/11/23 15:13:38 | 000,593,408 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DialupUIPlugin.dll
MOD - [2012/11/23 15:13:38 | 000,157,184 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\STKSrvPlugin.dll
MOD - [2012/11/23 15:13:38 | 000,142,336 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\USSDSrvPlugin.dll
MOD - [2012/11/23 15:13:37 | 001,124,352 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookPlugin.dll
MOD - [2012/11/23 15:13:33 | 000,672,768 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AddrBookSrvPlugin.dll
MOD - [2012/11/23 15:13:31 | 000,236,032 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DialUpPlugin.dll
MOD - [2012/11/23 15:13:31 | 000,201,216 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NDISPlugin.dll
MOD - [2012/11/23 15:13:30 | 000,247,296 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetSrvPlugin.dll
MOD - [2012/11/23 15:13:20 | 000,065,536 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSPowerMgr.dll
MOD - [2012/11/23 15:13:18 | 000,131,584 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSNDIS.dll
MOD - [2012/11/23 15:13:17 | 000,288,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\sdk.dll
MOD - [2012/11/23 15:13:17 | 000,166,400 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSDialup.dll
MOD - [2012/11/23 15:13:17 | 000,102,400 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSAdapt.dll
MOD - [2012/11/23 15:13:16 | 000,646,144 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\AtCodec.dll
MOD - [2012/11/23 15:13:14 | 000,195,584 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\XCodec.dll
MOD - [2012/11/23 15:13:12 | 000,583,168 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\PluginContainer.dll
MOD - [2012/11/23 15:13:10 | 000,062,976 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\OSCall.dll
MOD - [2012/11/23 15:13:09 | 000,187,392 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\CallAppPlugin.dll
MOD - [2012/11/23 15:13:06 | 000,168,960 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\ATR2SMgr.dll
MOD - [2012/11/23 15:12:55 | 000,158,720 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NetConnectSrvPlugin.dll
MOD - [2012/11/23 15:12:54 | 000,407,040 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Proxy.dll
MOD - [2012/11/23 15:12:54 | 000,155,136 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\DataServicePlugin.dll
MOD - [2012/11/23 15:12:52 | 000,158,208 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Trace.dll
MOD - [2012/11/23 15:12:51 | 000,628,224 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Common.dll
MOD - [2012/11/12 12:48:40 | 000,694,272 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\LiveUpdateInterface.dll
MOD - [2012/11/01 21:10:52 | 000,370,176 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qtiff4.dll
MOD - [2012/11/01 21:10:52 | 000,350,720 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qmng4.dll
MOD - [2012/11/01 21:10:52 | 000,192,000 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qjpeg4.dll
MOD - [2012/11/01 21:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qgif4.dll
MOD - [2012/11/01 21:10:52 | 000,081,920 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\plugins\imageformats\qico4.dll
MOD - [2012/10/31 18:33:34 | 009,562,624 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtGui4.dll
MOD - [2012/10/31 18:14:12 | 001,148,416 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtNetwork4.dll
MOD - [2012/10/31 18:11:48 | 000,398,336 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtXml4.dll
MOD - [2012/10/31 18:11:24 | 002,417,152 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\QtCore4.dll
MOD - [2012/07/27 15:53:54 | 001,114,112 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\NDISAPI.dll
MOD - [2012/06/06 10:22:00 | 000,224,256 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\tdpcvoice.dll
MOD - [2012/06/06 10:22:00 | 000,155,648 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\Win7Support.dll
MOD - [2010/11/29 05:34:18 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/05/12 19:25:00 | 000,037,888 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/06/23 11:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\libgcc_s_dw2-1.dll
MOD - [2009/01/11 03:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files\Globe Tattoo Broadband\mingwm10.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013/12/16 19:01:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/15 03:10:07 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/10/01 21:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/23 23:22:04 | 000,654,552 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013/09/12 13:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/05/10 16:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/12 14:59:15 | 000,657,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc)
SRV - [2011/09/30 03:10:08 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2011/03/15 00:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/11/20 21:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 21:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 21:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/30 04:01:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/12 19:25:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/04/20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010/04/20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/04/07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/03/18 13:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 13:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/06 02:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/03/06 01:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/09 06:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/10 05:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\air21\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/11/06 04:17:46 | 000,024,704 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtscsibus.sys -- (dtscsibus)
DRV - [2013/08/15 18:01:50 | 000,122,376 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2013/08/15 18:01:06 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/08/15 18:00:26 | 000,188,808 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/04/05 20:32:40 | 000,101,168 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/12/03 19:39:10 | 000,379,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012/10/30 13:42:16 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/09/29 22:58:32 | 000,027,248 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\System32\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV - [2012/08/20 09:54:18 | 000,096,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/08/20 09:54:18 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/06/27 16:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 18:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/12/31 10:20:24 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/06/21 14:59:22 | 000,132,864 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010/11/20 21:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 19:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 18:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 18:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 18:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/07/05 04:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/05/12 19:25:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2010/03/18 14:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2010/03/11 18:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/01/08 19:50:08 | 000,232,448 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/01/07 13:32:24 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 09:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/05/12 19:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/12/01 15:23:58 | 000,392,122 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006/04/25 11:57:42 | 000,428,160 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmfilter303.sys -- (vmfilter303)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.21.0.39:8088
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.21.0.39:8088
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ph
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 B7 CC FB 78 4A CB 01  [binary data]
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.21.0.39:8088
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: mozilla_cc@internetdownloadmanager.com:7.3.41
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.backup.ftp: "172.0.21.21"
FF - prefs.js..network.proxy.backup.ftp_port: 8888
FF - prefs.js..network.proxy.backup.socks: "172.0.21.21"
FF - prefs.js..network.proxy.backup.socks_port: 8888
FF - prefs.js..network.proxy.backup.ssl: "172.0.21.21"
FF - prefs.js..network.proxy.backup.ssl_port: 8888
FF - prefs.js..network.proxy.ftp: "172.21.0.39"
FF - prefs.js..network.proxy.ftp_port: 8088
FF - prefs.js..network.proxy.gopher: "172.21.0.39"
FF - prefs.js..network.proxy.gopher_port: 8088
FF - prefs.js..network.proxy.http: "172.21.0.39"
FF - prefs.js..network.proxy.http_port: 8088
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.21.0.39"
FF - prefs.js..network.proxy.socks_port: 8088
FF - prefs.js..network.proxy.ssl: "172.21.0.39"
FF - prefs.js..network.proxy.ssl_port: 8088
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/17 09:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/18 19:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/11/07 01:46:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/09/30 02:17:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/09/30 02:17:53 | 000,000,000 | ---D | M]
 
[2010/09/27 19:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013/12/27 22:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\an3ukoya.default\extensions
[2013/06/30 07:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/30 20:03:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/30 07:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/30 20:03:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/10 18:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/10 18:22:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/09/30 02:17:53 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5
[2011/12/08 12:17:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 05:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/03/12 17:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll
[2011/12/08 12:17:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/08 12:17:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.8_0\IDMGCExt.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: PluginRichmediaplayer (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Disabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Garena Talk Plugin (Disabled) = C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Nokia Suite Enabler Plugin (Disabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Disabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Disabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Disabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Attack on Titan Theme for 1440x900 = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebjcpbckgdhefehkcfjeaddcjnkhlke\1.2_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IDM Integration = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.8_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadkjnljmcmhlhlnajpnfebchgiemack\0.9\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: My Chrome Theme = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/11/07 21:13:06 | 000,003,412 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       adobeereg.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       www.adobeereg.com
O1 - Hosts: 127.0.0.1       activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1       wip3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1       ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1       activate-sea.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       adobeereg.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       www.adobeereg.com
O1 - Hosts: 69 more lines...
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500..\Run: [DriverMax_RESTART]  File not found
O4 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500..\Run: [GarenaPlus] C:\Program Files\Garena Plus\GarenaMessenger.exe ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputers = 0
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-4228175867-1303089548-2961518617-500\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050482A2-E034-45BC-A1D5-03B7A8B3FF09}: NameServer = 202.126.40.5 10.198.220.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CB69994-E390-4A2F-9FBD-3B827B0FE545}: DhcpNameServer = 192.168.0.251 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9016D0CF-CA81-4507-BE7A-CD0420DB5857}: NameServer = 58.71.2.8,58.71.2.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF48297-2B5A-45AB-AC41-9EADB9BFEDC0}: NameServer = 202.126.40.5 10.198.220.124
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/17 06:37:37 | 000,142,336 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/12/21 10:42:30 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/05 23:41:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/01/05 18:13:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temporary Projects
[2014/01/05 16:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v6.0A
[2014/01/05 16:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2014/01/05 16:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
[2014/01/05 16:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator
[2014/01/05 16:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2014/01/05 16:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2014/01/05 16:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
[2014/01/05 16:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2014/01/05 16:34:02 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2014/01/05 16:33:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2014/01/05 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools
[2014/01/05 16:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools
[2014/01/05 16:30:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Visual Studio 2008
[2014/01/01 04:41:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/27 22:04:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/26 04:04:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013/12/26 04:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/26 04:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/26 04:04:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/12/26 04:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/25 10:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\8aca19f1a27ddeff
[2013/12/24 18:55:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MPC-HC
[2013/12/24 18:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2013/12/24 18:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2013/12/22 15:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/12/22 07:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Integrated Camera Driver
[2013/12/22 07:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Chicony Electronics Co.,Ltd
[2013/12/22 07:36:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2013/12/22 07:36:23 | 000,132,864 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\System32\drivers\5U877.sys
[2013/12/22 07:36:23 | 000,106,496 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\System32\5U877.ax
[2013/12/22 07:27:57 | 000,106,496 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\System32\5U877.dll
[2013/12/22 06:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globe Tattoo Broadband
[2013/12/22 06:46:22 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2013/12/22 06:46:22 | 000,379,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys
[2013/12/22 06:46:22 | 000,205,312 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2013/12/22 06:46:22 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2013/12/22 06:46:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2013/12/22 06:46:22 | 000,096,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2013/12/22 06:46:22 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2013/12/22 06:46:22 | 000,070,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2013/12/22 06:46:22 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2013/12/22 06:46:22 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2013/12/22 06:46:22 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2013/12/22 06:46:22 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2013/12/17 17:05:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe Mini Bridge CS5
[2013/12/17 17:05:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/12/17 04:44:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games
[2013/12/17 04:44:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Pokemon Showdown
[2013/12/17 04:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Pokemon Showdown
[2013/12/09 00:00:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\mkvtoolnix
[2013/12/08 00:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2013/12/08 00:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/05 23:46:32 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cef3f99fd501a3.job
[2014/01/05 23:43:46 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 23:43:46 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 23:26:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-500UA.job
[2014/01/05 22:55:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000UA.job
[2014/01/05 22:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/05 22:30:17 | 000,720,878 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/05 22:30:17 | 000,146,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/05 21:32:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000UA.job
[2014/01/05 21:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000Core.job
[2014/01/05 18:46:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/05 18:36:20 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-500Core.job
[2014/01/05 16:51:58 | 000,000,257 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/01/05 15:41:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/05 15:41:16 | 1500,946,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 10:04:05 | 000,000,084 | ---- | M] () -- C:\Windows\option.ini
[2014/01/04 23:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228175867-1303089548-2961518617-1000Core.job
[2013/12/31 03:07:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/12/28 17:13:35 | 003,794,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/28 04:46:59 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/12/25 02:27:03 | 000,000,132 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/12/22 06:48:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
 
========== Files Created - No Company Name ==========
 
[2013/12/26 04:25:25 | 003,794,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/22 18:58:46 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/12/22 18:26:56 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/12/22 06:48:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2013/12/17 04:42:02 | 000,001,974 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk
[2013/12/08 18:41:09 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cef3f99fd501a3.job
[2013/11/09 01:49:18 | 000,000,084 | ---- | C] () -- C:\Windows\option.ini
[2013/11/07 02:29:16 | 000,007,760 | ---- | C] () -- C:\Users\Administrator\AppData\Local\recently-used.xbel
[2013/09/21 14:06:54 | 000,046,592 | ---- | C] () -- C:\Windows\System32\HPM1210SMs.dll
[2013/09/21 14:06:44 | 000,284,672 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2013/09/21 14:06:43 | 001,167,360 | ---- | C] () -- C:\Windows\System32\HPM1210SM.exe
[2013/09/21 14:06:43 | 000,167,936 | ---- | C] () -- C:\Windows\System32\HPM1210LM.DLL
[2013/08/10 08:06:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/10 08:06:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/10 08:06:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/10 08:06:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/10 08:06:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/30 21:48:28 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/29 10:09:38 | 000,000,884 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2012/12/10 03:02:58 | 000,202,080 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/11/13 18:00:00 | 000,000,257 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/11/13 17:57:12 | 000,036,939 | ---- | C] () -- C:\Windows\System32\insrepim.exe
[2012/10/07 12:21:11 | 000,007,597 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/05/26 16:56:21 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/05/26 16:56:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/05/24 20:17:23 | 000,000,000 | ---- | C] () -- C:\Windows\syconfig.INI
[2012/05/24 20:15:15 | 000,243,712 | ---- | C] () -- C:\Windows\System32\libunic.dll
[2012/05/24 20:10:20 | 000,000,013 | ---- | C] () -- C:\Windows\OemOut.ini
[2010/10/04 10:01:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 13:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 13:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 10:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/12/22 02:54:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Ultra
[2014/01/05 09:43:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMCache
[2010/11/10 14:52:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Epson
[2013/07/21 02:37:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garena
[2014/01/04 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GarenaPlus
[2013/12/26 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IDM
[2013/12/09 00:00:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mkvtoolnix
[2013/12/24 18:55:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MPC-HC
[2013/12/28 05:44:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Rainmeter
[2013/12/17 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/08/17 22:57:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9D742B1A

< End of report >
 


No problem, school is more important.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2013/09/30 02:17:53 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5

    :files
    C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\IDM\IDMMZCC5
    ipconfig /flushdns /c

    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles