
Do I have a Trojan?


  • This topic is locked
6 replies to this topic

#1 Regnier19

    Newbie

  • 3 posts

Posted 12 July 2013 - 03:34 PM

I found a virus on my PC called MyDeltaTB.exe. Avast caught it and moved it to the chest, where I deleted it. However, I am paranoid about Trojans and would like a definitive answer as to whether I have a Trojan or other malicious virus in my PC. Here is the log file:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:21:29, on 12/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yd.delta-...rctful&tsp=4939
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9109 bytes
 


#2 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 21 July 2013 - 09:07 PM

You have probably had help already with this.

But if not, do you still need a hand? Are you experiencing any problems?


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#3 Regnier19

    Newbie

  • 3 posts

Posted 23 July 2013 - 01:58 PM

No, I have had no help. I do not know that there is anything wrong with my PC; it is running fine. I was simply told you could tell me whether or not I have any malware in my system, specifically a Trojan.



#4 guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 23 July 2013 - 04:06 PM

Everything looks OK, but let's take a closer look.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows, then right-click OTL.exe and choose "Run as Administrator".
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.


 




#5 Regnier19

    Newbie

  • 3 posts

Posted 25 July 2013 - 01:51 PM

Here are the logs you asked for.

 

OTL logfile created on: 25/07/2013 20:43:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.98 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 72.97% Memory free
15.96 Gb Paging File | 13.42 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 128.25 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/25 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/07/13 00:22:22 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/10 02:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/04/25 17:36:14 | 001,648,264 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/03/26 18:25:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/07/28 17:12:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/12 19:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 19:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 19:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 19:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 19:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 19:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/10 02:56:22 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/07/09 22:45:48 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/01 17:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/06/15 00:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/15 00:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/15 00:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2013/03/29 02:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/03/28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/07/14 18:30:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 15:42:26 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/06/06 23:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/26 18:25:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/29 01:06:05 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/27 20:50:29 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 20:50:29 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 20:50:29 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/07 23:28:38 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/05/09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 09:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013/05/09 09:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013/05/09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/05/09 09:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/04/30 10:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2013/04/30 10:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/03/29 03:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/29 02:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 12:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/27 21:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/08/23 14:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/29 04:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/07/29 04:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/07/06 11:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yd.delta-...rctful&tsp=4939
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 96 6A E3 7A B9 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.yd.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0E9B902B341148EA&affID=119357&tt=040713_rdrctful&tsp=4939
IE - HKCU\..\SearchScopes\{A0408474-08CD-4DBE-900E-5BAA7329BE0D}: "URL" = http://websearch.ask...0027&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^GB&apn_uid=43AE5EC6-3DA8-4C12-A5DB-1AA6CDD3C3C1&apn_sauid=9EA12337-5CC4-4AE2-99B8-F384C819BB40
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
 
[2013/07/11 00:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www.yd.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0E9B902B341148EA&affID=119357&tt=040713_rdrctful&tsp=4939
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - Extension: Ask Toolbar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.27.49091_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75086C6F-4338-4956-A733-5638F01D4034}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/22 00:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/07/22 00:36:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/07/22 00:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/07/19 17:58:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (7)
[2013/07/19 17:09:49 | 000,270,824 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/07/19 17:09:47 | 000,131,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/07/19 17:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/07/14 00:43:51 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Data
[2013/07/13 22:48:23 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (6)
[2013/07/11 00:44:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/07/11 00:44:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/07/11 00:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/11 00:44:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DSite
[2013/07/11 00:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/07/11 00:44:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2013/07/11 00:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/07/10 23:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/08 23:50:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (5)
[2013/06/29 22:19:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
[2013/06/29 17:26:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (4)
[2013/06/29 17:16:27 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/29 17:16:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/29 17:16:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/29 17:16:24 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/29 17:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/06/28 16:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/06/28 16:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/06/28 16:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/06/26 00:12:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Rockstar Games
[2013/06/26 00:10:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/06/26 00:05:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Rockstar Games
[2013/06/26 00:05:01 | 000,000,000 | RH-D | C] -- C:\Users\User\AppData\Roaming\SecuROM
[2013/06/26 00:05:00 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/25 20:27:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 20:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 20:00:22 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 20:00:22 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 19:51:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 19:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 19:51:39 | 2132,877,311 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 00:35:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/07/19 17:09:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/19 17:09:29 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/14 18:30:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/14 18:30:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/11 01:05:08 | 000,001,138 | ---- | M] () -- C:\Users\User\Desktop\Continue Zip Opener Installation.lnk
[2013/07/10 23:10:08 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/29 17:16:20 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/29 17:16:19 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/29 17:16:19 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/29 17:16:19 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/29 17:16:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/29 17:16:19 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/28 20:01:57 | 000,001,943 | ---- | M] () -- C:\Users\User\Desktop\Heroes of Newerth.lnk
[2013/06/28 19:56:17 | 000,001,949 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2013/06/27 20:50:29 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 20:50:29 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 20:50:29 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 20:50:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/26 00:05:00 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/22 00:35:59 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/07/19 17:09:29 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/11 01:05:08 | 000,001,138 | ---- | C] () -- C:\Users\User\Desktop\Continue Zip Opener Installation.lnk
[2013/07/10 23:10:08 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/28 20:01:57 | 000,001,943 | ---- | C] () -- C:\Users\User\Desktop\Heroes of Newerth.lnk
[2013/06/28 19:56:17 | 000,001,949 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2013/06/27 20:50:29 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 20:50:29 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/05/18 17:36:36 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2013/03/29 03:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/29 03:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/19 13:35:31 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/03/19 13:35:28 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/03/19 13:35:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/07/21 20:09:05 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2012/07/21 19:35:56 | 000,777,350 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/03 23:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/03 23:19:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/06/11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
And
 

OTL Extras logfile created on: 25/07/2013 20:43:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.98 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 72.97% Memory free
15.96 Gb Paging File | 13.42 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 128.25 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022BB7A6-E93F-40CF-BF6E-835D0A5BF5A9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{192D7AA8-6247-4283-B4A2-1142989B4B79}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C1CFD69-EA95-431D-AD99-FCC0C6583396}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E8001FC-818A-48E5-8242-99D4C16E3769}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{201B7AD3-942D-4297-983A-0194FCBBC7A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6156C471-5DCD-4DD6-B08E-A6CECD75B887}" = rport=445 | protocol=6 | dir=out | app=system | 
"{626A6ABD-2DE9-4243-B4C2-C39480494DD0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7F32CB6C-FF69-40F7-B699-8F9701462919}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8202EE9A-7038-4547-B2E0-B314DBF6A738}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89DAF9CA-5BCB-43E8-8F93-4ADC9FE6F8CB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9708DB45-49D9-43FD-B706-69AB5861A351}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A1B92A72-868C-408B-82B3-D0D0F3CBB1C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A338C330-B9F0-46A9-8F04-B3C0A3705D0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B23A613A-BFCC-4387-9AAA-4659366FDD69}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{B90F458F-5B01-49D9-A62A-BA2AD9B640C8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C081E5CC-1890-424D-812D-0E903DE18E61}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C2605413-C430-441E-AA81-89DFF392E82D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2C93281-0498-467D-9CAC-13B7B7D8F5D0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{CE270624-33A6-4DF5-AE06-BC458A0A64F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D04D07D8-4219-40BF-9EC8-E9FA8C84C530}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D1DA3F1F-1E64-42C7-99FE-E64865424F41}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DDC0F028-B6CE-4A4D-885B-50D694C6D64C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{DE620684-8667-415F-B876-886497039C08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E5891FB8-4F9C-4640-967E-529B896126C6}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{F1BB9D44-7873-42B6-B016-9A186E4EE2A3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F2A202A3-76AA-4C36-9042-D1AA4DF43D1B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{FA93B714-C5BB-47F3-987A-6BD9C1779AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD7E8F05-2D26-4C2D-8E0E-7B7DCAE03FDA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018B41FC-3575-491B-B30E-8CE2AAAFC95E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{028BB826-4DB9-420F-A22D-71829D931679}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe | 
"{02FAB3CA-EE2F-4A61-95DE-C648508EC49E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | 
"{0763AA77-E426-4C25-BEC0-0CCDCD40A336}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{088796FC-A60C-40BB-80AB-21F5F6A8B8F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{0CC38C2B-E044-4EDC-B3D7-BE34A45EA75E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0DC9F55C-3BC8-4BD2-A1D6-4C04A4D889CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{0FE36175-5006-4934-9C48-9EF3917A3C00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{10F0C992-BA42-4623-A790-4B32F8E771B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe | 
"{115D6BA2-F951-4706-A6A9-4F63366D54EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\botanicula\botanicula.exe | 
"{1381AA0A-5436-4321-8A14-8B54B67AC7EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{18848132-9F94-43ED-83B6-149CC4E54C4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{194B3CE8-C9B4-433D-9B39-61D4DE190CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe | 
"{1E28E069-54B2-450B-B94F-140863F7D0F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{214E9AEC-D6E9-4CD1-8AA9-003082B76DB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{22472336-D814-42A4-A02A-E4FF2F8E2B74}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{24A5B619-8120-4E64-9421-D52FE7235999}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | 
"{24DA127B-E420-43D5-9746-EAFF04767B64}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"{25C40D1F-1632-44BC-9120-3C79BCA7831E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe | 
"{298A186E-2067-4F9B-86E9-21F22C2BCD1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{29B91FA6-D746-495C-B994-8461D6288579}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe | 
"{2A02E983-EDE4-4721-9D6A-F932D6D7119C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{2A1FBE0D-52E9-44BA-B375-26AB600DADE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{2B58AEA8-3E39-4F96-9F73-C313C04D567B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe | 
"{2B734F63-590B-4DA7-8803-9BAFA113C954}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{2B799BD6-E658-4605-834D-03F745C995D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blood bowl legendary edition\bb_le.exe | 
"{2C94ABE5-4F14-4786-802C-2738F0CCD93A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2D7C42D8-71F8-44DD-B48D-6D2955710FB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold\stronghold.exe | 
"{3229A269-6172-4D2E-AF3F-2A2138B45E99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32860CA1-B54B-45D4-A6B1-3C40B5E9DC20}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{3367AC6D-46F1-4697-A146-4CD26B55E887}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{33E2459B-907D-4028-8EB8-0D0D5B64805F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\sacred2.exe | 
"{33E2699D-83F8-4D1C-85AD-63F291120E85}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{362BF82C-9718-4167-A562-5BC511142F33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{37CEA0D8-9B94-42E3-B9BD-AAAA52C4EF93}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{3833F05F-1906-4A01-8962-C1A58D20B623}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\limbo\limbo.exe | 
"{3B287A57-ECB7-45AB-9881-E5D329C8641D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | 
"{3D2F22AA-8CBF-4C8E-BA83-DEDDDC492A49}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe | 
"{3D448F94-4726-4CDA-BF07-C5F3A8145C2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{3FC61EBB-C6A5-4B10-AECD-4F1B1FAE98BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{3FF22886-A888-4012-BBEA-A065F8D66E5A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{40FE5BAE-EB6D-4DAC-801E-6CFCC431E2C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\sacred2.exe | 
"{457610C2-2FE4-49E6-8EAD-72D07CFA42A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{45F16EDC-048A-44CB-BD54-D6DB3C135D79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\limbo\limbo.exe | 
"{45F61C3E-B45C-4201-9984-61792D25AE62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{4726A874-7914-4B3E-AC76-477ECBE00D8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{48235DA2-2661-45DE-BFB1-7E97124920C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe | 
"{48FAEAC7-92A6-4C1B-B9D3-C6AD71AB93FA}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{492BF53D-37D3-4B57-BF83-94A64BC58C54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe | 
"{494CB7CF-8E83-4C6B-A9AC-492CAB439D69}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{496A19C1-10F4-47D4-871B-E296445DE4D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{49A46A02-3DB7-4427-AB17-823DCB8D8563}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4B0A53EB-3650-4301-9793-F3D216913900}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4BCD88BB-D67A-46DD-864B-7F823C6B3C0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe | 
"{4D1A8A6E-1A15-4D47-88BB-F0579AFCCB17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{4DDCD0DE-E50F-4227-A931-6094BE20ACA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe | 
"{4F3C7205-D3CA-4D9B-9A2C-CD5F5E99325D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F5BBBA6-E7C2-4E39-B79C-BAD1C63E0DDA}" = protocol=6 | dir=out | app=system | 
"{53F37ED1-E7F3-4BE0-A3A1-40F005F82C24}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{54972C52-8AA0-49AE-8EB1-2DB01D46C91A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{567F2BED-B3AA-453B-8BB2-1FF93519E45F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{5756EA92-9AF8-4E9D-93A3-498A2D9EB2A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe | 
"{58D9F811-4612-4FF6-B7A2-5CE467EA8434}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe | 
"{58F06141-CFB0-4155-BA38-846E53014D20}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{592B38FB-0FAA-4BF4-B314-92952A2B882A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5B1486AC-F826-4A9A-BD9A-7048D905EC7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{5B9BB695-69B3-4E36-A2A8-8C7F986F21CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe | 
"{5CD6FB29-F303-43CA-880D-AA13ACC6E2A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe | 
"{5D0CE4E4-3AB6-4556-9AC3-FB7EF0FF052B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{5ED61BAC-7A96-43F0-AAE7-C00FFBC69393}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{5FB92B4B-39E5-42BB-BAB8-17C88C503768}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{60C307A1-FCDD-4601-B5BA-4D2EFAEA650E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{61717047-CD4B-4B45-A9CD-8954AD14F527}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{6264C23C-A9D7-453F-8F64-9A5C8D7A11AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{65112F6E-A883-4699-882F-0D52A7770498}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{655EF543-F9E9-44CC-ACDF-5ECD5C6A6B17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\modding\show.bat | 
"{66262594-F335-4FC0-A7D9-D8AAE27DAEF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machinarium\machinarium.exe | 
"{66A0664F-A5E0-438E-8420-F0FF723D41D0}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{67D3BBC4-BD90-4163-87FA-ABF8B459957E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{68CE1023-D82B-4484-B0E3-DBDD1E399C26}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6A6C675D-0055-4B03-81DE-2CF44A66050E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{6C8411AF-649C-493F-8564-F60D45467E5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | 
"{6E6C9BAE-6D29-4953-BCA8-3A11B2AC84D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"{6F2D0798-A544-43F8-8276-DBCE0D04B7D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{6F31AED5-EDFE-45D8-8F1A-B4F09A418D11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe | 
"{713EC011-E1EF-49C5-9578-AF729F32EBE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{726FD470-5BFA-4125-99BE-62B9E6BA3163}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{7296658B-EE2B-46AB-971B-77FDCCD2110B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{747FA110-2411-4C74-819D-B384DA756FF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | 
"{74A9A772-C9D4-4644-8D9F-E5A262364164}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\botanicula\botanicula.exe | 
"{758815C3-339D-4A50-89D5-11A9A30AEC77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{7715EC29-7279-4802-A1C4-7E9736C9BC40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | 
"{7813F47F-2AD9-427E-B1C4-84AFE498A010}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
"{7A17C374-0F17-41A5-9238-A83465B1102C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe | 
"{7AAFAD9E-ABE4-4D49-B1C3-58A526441137}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold\stronghold.exe | 
"{7D0F93B3-07D7-44A1-9CBD-2071EA2ECBBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{7D86E84E-2710-4265-86DE-D20A370F0DA9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe | 
"{82D86573-386C-4815-990E-C9588A7965D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{8363E6BE-7ABB-4A36-A247-57ACEB64328A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{839F31D3-FDF7-4E58-AE05-177D3B6EC531}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe | 
"{83F231B9-2F44-4D98-B1F0-3120518878C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8430DC49-F6F4-4F20-97FA-07A5A437F4C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe | 
"{8496497D-B1C6-4424-B4D4-0FE16BCC0FB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{8947A501-6AF2-4A59-8FB8-15267B975C42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89D5FEC8-104C-4AA6-8611-5DD9AB77CF73}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8AAE2B54-A02E-4EA9-A536-F56D52D52A9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{8AFEE873-F8F4-4E2C-9AE4-608D8A3CFC68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DADC433-FC71-4B20-85E3-5DC329063C60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{8E7F4B6C-7F98-47CC-9A35-01DD96A539AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{8E9298B0-2EDD-4BDC-9376-A9ED0FE92A37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\modding\show.bat | 
"{8F907A3A-4996-4907-87A3-659FAC7D19B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe | 
"{93794284-94A8-4DEC-96D1-69D41559CAD6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{93D12A3D-5D9D-4149-BE73-B7BDDA2CA985}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{944A029F-E4E3-4CF1-8351-0C3EB1FF4486}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | 
"{94BA2703-1CDB-461B-8DD0-CAAC1390266A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{94CD534D-F32F-4F5F-BC80-86FC6789E2DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | 
"{97A8BC14-2419-4DD9-ABC8-C88504F23A76}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{98EEC45D-03B2-44C1-8241-C0F50736997C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9962E0A4-45A0-4154-A97D-C424A62BF1FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2012\f1_2012.exe | 
"{9A8F9139-E2DF-4DBC-8294-600964AAE403}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{9CFE71FC-CD40-441D-9CA6-DB1A035CBEE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{9D299C2B-AC82-4B79-9F6E-549DED60E65E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9D6B362A-0FE3-45E6-844C-6E1F3A91CC9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\modding\show.bat | 
"{A11B097E-E725-45AB-8EEA-99D07C3CB01B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe | 
"{A138356B-E9E9-479B-A4F6-4B4B92E1E75C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A1E62830-F819-4FCA-99FA-640A2EBB4507}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{A1F88615-AD4D-4C6D-945F-87F78996B226}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A1FB4516-175E-4638-AC51-1F5DF3064BAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{A26F0C46-1107-4AD9-B49D-2D7C45481AE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | 
"{A30E5863-3225-4F91-98CB-BE0867FDD668}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe | 
"{A55A8624-3703-4466-936C-61564A3C89F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A73D4928-DDA4-49DF-9431-1551C41AC5D4}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{A780F68C-3D4B-4141-B9E4-C60A37867567}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{A7DC78B0-7697-44D6-A517-3D9BEE54203B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{A886B30D-94C4-4ED7-B2CA-99D55B50BA7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{A9267509-DC3A-4059-BDDB-D92D54DA2C98}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AABDF000-0DB3-4BE1-B353-210B27D70D70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\ted.exe | 
"{AE557877-6A40-4E99-9C4B-963936EA2976}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{B009AD54-6494-4ABF-B688-6BF6A2FED7C8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B22A0058-A01D-41B9-A4B8-97FDE4E30FA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{B3934629-1500-4AC8-A150-228971B40D0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe | 
"{B39409DE-E23A-4827-A4CA-65E7F03AE967}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{B3A3207A-0CFF-4BB9-9EA7-B7E8176139F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{B3BE95F3-174F-4C63-9864-53C6A186A8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{B4163DF6-AC69-466F-AAAE-EF920C12A9D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2012\f1_2012.exe | 
"{B4C32E16-EC57-4756-A05B-E3109A477002}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{B51E0597-C451-468F-B908-12D5061F76BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{B92AE9DB-21D5-4EF1-9A9B-FB3A47A1CF94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{BA1F0EA4-F8E8-4C03-9CDE-B628A85A95BB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{BA2A1C7F-AEA3-462E-BC11-C9A9AA071F0C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{BB2A7A0E-273A-48D9-924A-A0769344DBB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{BD84C893-867A-4D3E-9097-ABC176E30CEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blood bowl legendary edition\bb_le.exe | 
"{BD8E12D8-A26C-481B-8E69-03DB15D23D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BDF72B8F-825D-431C-B979-CB3FD2D57FFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe | 
"{BE6645C3-EBDD-44E7-AB78-7FF4BC007D5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{BFE91520-93BF-46BE-AEF7-20DC4BDBB293}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{C0AA679D-C4E2-4494-9F8D-44FC6AE46D2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{C0C06AE6-5583-4F22-A7D0-FA85E0A62963}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe | 
"{C0F3F015-F245-412F-B0B8-D88670929C10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe | 
"{C195F4FA-228B-4AE6-9C64-7AC4E172AB52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C1EF731A-62BA-41FD-AFA5-C7B04EF08DA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C36E87EA-CD3D-4835-9C33-2309CC863C9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe | 
"{C400F46D-9965-400B-999D-F3E469C91D69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe | 
"{C4E5071B-1AEA-4D58-9CA4-AD42B9631AA6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C75C9223-54B0-4771-9E3E-DF246C6ABE22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{C79CCDA8-5D80-48DE-9DDE-464618F3C79C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\modding\show.bat | 
"{C79E0690-7DED-43D5-B42A-66F76E8793A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{C7BCDF9F-BD9D-4DF8-920D-C26FFE7C2591}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C8A89EF2-3F13-491C-942F-B6EAD85A5520}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{C99F6DB8-1A0F-41F9-B74C-18BC2818DA00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{CA5A22A0-181E-4228-BAE7-CB0F55F4C0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe | 
"{CB32C111-3D38-4E40-B8E5-1BD37D06E38C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CD751AE6-DAD5-44CE-8674-43D769C0B1D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe | 
"{CEBB2673-1D49-41D7-86D0-CC7668E01484}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CFA808DB-2724-44AA-8C41-1EE28C8F8D8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{D25DA804-0817-44BD-837E-AD00348C110E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{D2A6255A-046C-4C93-A6D5-12B1F2C3AF5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D38B1D17-6D4E-489B-BD15-7A3490673B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2013\dotp_d13.exe | 
"{D3B29359-091F-4040-970D-2287E30D6FF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | 
"{D4649B5E-8F28-46D8-BD53-9C0C42E6C5A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{D5AAFADE-2EE2-4FE5-9193-542A28FD786B}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{D6260D77-D3D8-4E94-B474-8053D7565E19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stranger's wrath\launcher.exe | 
"{D8AFAE3F-3478-453E-99A8-128F0F637C34}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"{DA357AD3-4B0F-43C1-B15C-B9B4F099BCA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | 
"{DE9A44D6-C59C-4963-9FD8-B763043E344B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{DEB4CD1E-34BE-4421-A223-40913B39844F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{DEE4952C-1D21-4C8C-ADCD-56649E1FCC12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{DFF7A90E-CCF1-4499-8314-F7401FFD6F29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe | 
"{E0AB04A2-E09A-4D52-A783-0B9BD1A58064}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E0FF019F-0396-4258-AE3E-1AA6B5EA7A3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe | 
"{E19B1E45-FFF0-491F-BA2F-D0BF5EF4CE67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stranger's wrath\launcher.exe | 
"{E2E1EB5A-47E4-4C9A-BA43-631EFCB2890C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\capsized\capsized.exe | 
"{E598385F-7F64-4D26-B719-64D01EEBBA64}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe | 
"{E6AD5A17-0364-42B6-BB32-EC4EC24B653F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\braid\braid.exe | 
"{E825D225-3C16-4B2B-8C60-838ADB3C2A18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{E988D6F6-6CFF-44D5-A34E-6B712D3EA167}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E9FD1796-543D-42FD-A2C0-6BABA7A3D2A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EA96BC86-6C5F-4D50-AFD5-2B4067185C0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{EB85EF42-9A9B-45DB-AEE0-84CADBEDDCE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{EC76AF44-71DC-4A30-AFE1-A8E7D4624619}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EC7BBA98-E22C-437B-A9B5-5877B0FAA5AA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC8EAFAF-6F97-4326-BBB6-07491DB686AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"{EF81C34C-46AE-4461-A85C-7A28F21A5F0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe | 
"{F05ADCDC-E6AF-4A5A-BF6A-AF450168E40C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{F0DA23BD-C400-4BCA-A1A9-642056657EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{F224303E-CBE1-4CCE-B565-062071578BBD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{F6D3BD5F-4CBC-469B-B56C-D9B6713EAA5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{F6FDF39F-2381-42B2-BEF6-D4102CAB051C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{FB39D0AC-8640-4EFE-A95F-1CC431F8CE17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{FDA80BD9-524B-4100-8EEB-044544B6C269}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe | 
"{FFCA21D1-4759-4282-B692-77B60A816E69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"TCP Query User{47D3AD4C-FCCC-497F-84A2-6C532B9C2DE1}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{4FAF5690-A965-47F7-B6E8-4A15F1AA1BFD}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{67039502-0801-4CC9-8C36-3CEE5894067C}C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe | 
"TCP Query User{7966940D-673F-48EE-8A91-D6631B09B67A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{9ACC070D-5EF4-49B9-94A1-6B3AE87B4E82}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"TCP Query User{9EF7DA58-0EF8-4878-B227-D1481D10CC0B}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"TCP Query User{A1A02D87-7476-49F4-8BEF-6C20D58F547E}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{BC898999-B5B8-4BB9-A949-7A10A98D1F94}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{D06B23FA-5A65-4D87-931B-F4CD2B74DC19}C:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe | 
"TCP Query User{D3E9170B-379C-413B-AAD6-C2FFE86F790C}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | 
"TCP Query User{E64B8795-5DB5-4312-8558-75F570EE6F01}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{EBAA5FF3-69F2-4E26-A538-B51A1E527851}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe | 
"UDP Query User{0EFF0F17-9CD6-4D07-B809-7FEC59D8B48E}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{12A90483-0667-42F6-A66B-809968BAD4C8}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{22677715-51D7-4B0E-8E2F-763D8A18AD7F}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | 
"UDP Query User{25FF95A7-AB4B-4F56-A593-97DE7A97197A}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{9C23BE16-DE71-4B9C-83F1-12F04709EA77}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A4D4EEB4-3038-4F36-9C5B-6A967D748BD7}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"UDP Query User{A710AB79-AC14-4AD4-8D35-67373F8F353A}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"UDP Query User{C0E64104-DD51-4617-A364-DCF2A471CE01}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{C2F1192D-A745-4BD1-9F0E-FE212D87896A}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{D3ADA51F-EFB4-4150-B387-BEC51E0BC9C8}C:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe | 
"UDP Query User{DF734572-7EC8-4A15-8CF2-414ACCCF5CD6}C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe | 
"UDP Query User{EE6722AD-E96F-4B8D-A945-28D66BB04C2B}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1324D89E-6452-A561-B97E-053C2AE6F7FF}" = AMD Drag and Drop Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55B348BE-A3BE-9AE7-58BD-BE45B9A28F82}" = AMD Media Foundation Decoders
"{5B73E1AA-CA9D-E76A-2F2D-E0EFB41CE087}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B9609B6D-9532-E0F8-BE41-DFE18BFAEC22}" = AMD AVIVO64 Codecs
"{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager
"{CC1FE395-D90F-712C-E013-EBDCC30433B1}" = AMD Fuel
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E54A949B-C4AE-28B6-EC97-FCB9E402D338}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish
"{189B9ACF-DBA6-4F52-8726-2E11049FB1F7}" = HydraVision
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B30DAC0-DE51-11E2-9A5B-B8AC6F98CCE3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian
"{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish
"{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = AMD VISION Engine Control Center
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese
"{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian
"{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish
"{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish
"{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese
"{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional
"{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian
"{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech
"{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French
"{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.00.8037
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Internet Security
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"hon" = Heroes of Newerth
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 111100" = Snuggle Truck
"Steam App 12210" = Grand Theft Auto IV
"Steam App 15750" = Oddworld: Stranger's Wrath HD
"Steam App 200710" = Torchlight II
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 201790" = Orcs Must Die! 2
"Steam App 202480" = Creation Kit
"Steam App 202920" = Total War: Shogun 2 - TEd
"Steam App 202930" = Total War: Shogun 2 - Assembly Kit
"Steam App 203770" = Crusader Kings II
"Steam App 207170" = Legend of Grimrock
"Steam App 207690" = Botanicula
"Steam App 208500" = F1 2012
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 212070" = Star Conflict
"Steam App 213850" = Magic 2014 
"Steam App 218230" = PlanetSide 2
"Steam App 22330" = The Elder Scrolls IV: Oblivion 
"Steam App 225640" = Sacred 2 Gold
"Steam App 230410" = Warframe
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 35720" = Trine 2
"Steam App 40700" = Machinarium
"Steam App 42160" = War of the Roses
"Steam App 43110" = Metro 2033
"Steam App 4540" = Titan Quest
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 48700" = Mount & Blade: Warband
"Steam App 50650" = Darksiders II
"Steam App 55110" = Red Faction: Armageddon
"Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
"Steam App 570" = Dota 2
"Steam App 58520" = Blood Bowl: Legendary Edition
"Steam App 6030" = Star Wars - Jedi Knight II: Jedi Outcast
"Steam App 6060" = Star Wars - Battlefront II
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 95300" = Capsized
"Steam App 97000" = Solar 2
"Uplay" = Uplay
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21/07/2013 13:51:56 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TESV.exe, version: 1.9.32.0, time stamp:
 0x51437ce5  Faulting module name: d3dx9_40.dll, version: 9.24.950.2656, time stamp:
 0x48ec1d70  Exception code: 0xc0000005  Fault offset: 0x002ca63c  Faulting process id:
 0xe30  Faulting application start time: 0x01ce8638976e0d4c  Faulting application path:
 C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe  Faulting module path:
 C:\Windows\system32\d3dx9_40.dll  Report Id: 3b8fdd9f-f22e-11e2-9677-902b341148ea
 
Error - 21/07/2013 19:29:10 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22/07/2013 12:29:19 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22/07/2013 16:10:48 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22/07/2013 19:05:52 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TESV.exe, version: 1.9.32.0, time stamp:
 0x51437ce5  Faulting module name: TESV.exe, version: 1.9.32.0, time stamp: 0x51437ce5
Exception
 code: 0xc0000005  Fault offset: 0x00051a58  Faulting process id: 0x738  Faulting application
 start time: 0x01ce872d6d2b0cfc  Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe
Faulting
 module path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe  Report
 Id: 411ec561-f323-11e2-8910-902b341148ea
 
Error - 23/07/2013 14:57:33 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23/07/2013 15:15:59 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23/07/2013 16:43:16 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23/07/2013 18:31:13 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TESV.exe, version: 1.9.32.0, time stamp:
 0x51437ce5  Faulting module name: TESV.exe, version: 1.9.32.0, time stamp: 0x51437ce5
Exception
 code: 0xc0000005  Fault offset: 0x00051a58  Faulting process id: 0x1090  Faulting application
 start time: 0x01ce87f272053f7f  Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe
Faulting
 module path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe  Report
 Id: 9462213d-f3e7-11e2-9359-902b341148ea
 
Error - 24/07/2013 15:19:32 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24/07/2013 16:21:44 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = The program TESV.exe version 1.9.32.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1050    Start Time:
 01ce88ab2bd558eb    Termination Time: 61    Application Path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe
 
Report
 Id:   
 
Error - 24/07/2013 16:43:22 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TESV.exe, version: 1.9.32.0, time stamp:
 0x51437ce5  Faulting module name: TESV.exe, version: 1.9.32.0, time stamp: 0x51437ce5
Exception
 code: 0xc0000005  Fault offset: 0x00051a58  Faulting process id: 0x102c  Faulting application
 start time: 0x01ce88acef5ed1c4  Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe
Faulting
 module path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe  Report
 Id: adb901d4-f4a1-11e2-932b-902b341148ea
 
Error - 25/07/2013 14:53:35 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09/04/2013 16:09:36 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
   %%2
 
Error - 09/04/2013 17:39:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = The AMD FUEL Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 09/04/2013 21:00:05 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
   %%2
 
Error - 09/04/2013 22:17:02 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = The AMD FUEL Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 10/04/2013 00:18:52 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
   %%2
 
Error - 10/04/2013 00:19:23 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
   %%2
 
Error - 10/04/2013 15:50:59 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
   %%2
 
Error - 10/04/2013 15:51:47 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
   %%2
 
Error - 10/04/2013 23:51:32 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
   %%2
 
Error - 11/04/2013 00:26:09 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = The AMD FUEL Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
 
< End of report >
 
 


#6 guestolo


Posted 25 July 2013 - 02:17 PM

If you didn't purposely install Ask Toolbar, close down all browser windows and uninstall it from 'Programs and Features' in Windows Control Panel.

Then do the following please
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

With the above logs: can you reopen OTL.exe, run another scan and post the new log that opens?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#7 guestolo


Posted 05 August 2013 - 10:10 AM

As the original poster has not returned, I'll lock this topic.
If you do return and still need a hand here, send me a PM please and I'll reopen it.
