Xmon13

I haven't been doing anything else with it except for slowly going through your tasks when I have the time (In safe mode w/ networking). I am to a point where I am willing to do a Windows re-install if you believe it will fix my issue although I would like to ask for your direction on this as I have not done it personally. I understand you have helped me TREMENDOUSLY in this issue and hope you understand how much I appreciate it as I feel it has moved out of the malaware department and isn't exactly necessary for you to go above and beyond. That being said it is your call. If anything would you know any forums or sites you could recommend I continue my quest?

Method 1: No Error Messages just a dialog box. Method 2: Installer was not disabled. Was already in manual I went to preferences double checked to be sure then right-clicked and pressed start on Windows Installer. Received Error 1084 Windows Installer cannot run in safe mode. Method 3: V 5.0.7600.16385 By what the error says I guess I can't run in safe mode but I am confused as before this point I have been able to uninstall programs in safe mode. P.S. I also used Revo to uninstall Adobe Reader but could not install its new version from the website.

Disabled Java in browsers but I can not uninstall or install Adobe Reader or any programs as there is now something wrong with Windows Installer.

All processes killed ========== PROCESSES ========== ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Z1 deleted successfully. File not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\osk.exe deleted successfully. File not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65ddbff4-9c83-11e1-a3a8-0022687f5fe1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65ddbff4-9c83-11e1-a3a8-0022687f5fe1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65ddbff4-9c83-11e1-a3a8-0022687f5fe1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65ddbff4-9c83-11e1-a3a8-0022687f5fe1}\ not found. File K:\ToolLauncher-Bootstrap.exe not found. ========== FILES ========== C:\Users\Xavier\AppData\Roaming\AVG2012\cfgall folder moved successfully. C:\Users\Xavier\AppData\Roaming\AVG2012 folder moved successfully. ========== COMMANDS ========== Unable to start System Restore Service. Error code 1084 [EMPTYFLASH] User: All Users User: Default User: Default User User: hedev User: Public User: Xavier ->Flash cache emptied: 392847 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYJAVA] User: All Users User: Default User: Default User User: hedev User: Public User: Xavier ->Java cache emptied: 26575334 bytes Total Java Files Cleaned = 25.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: hedev ->Temp folder emptied: 43164427 bytes User: Public User: Xavier ->Temp folder emptied: 331849804 bytes ->Temporary Internet Files folder emptied: 174418060 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 749748287 bytes ->Google Chrome cache emptied: 55093953 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 9604096 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2532917 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes RecycleBin emptied: 119144 bytes Total Files Cleaned = 1,303.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02112013_095323

Rkill 2.4.6 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 02/11/2013 09:47:05 AM in x64 mode. Windows Version: Windows 7 Home Premium Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * Explorer Policy Removed: NoActiveDesktopChanges [HKLM] Backup Registry file created at: C:\Users\Xavier\Desktop\rkill\rkill-02-11-2013-09-47-07.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * COM+ Event System (EventSystem) is not Running. Startup Type set to: Automatic * Security Center (wscsvc) is not Running. Startup Type set to: Automatic (Delayed Start) * Windows Update (wuauserv) is not Running. Startup Type set to: Automatic (Delayed Start) Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 02/11/2013 09:47:17 AM Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

Ok I have begun your steps. Yesterday I removed my video card and ran integrated for one boot test and received same old results. I wanted to be sure this wasn't my previous problem all over again(couldn't even boot in safe mode back with that issue) as the old problem had caused damage to a graphics card. This was not the case how ever and I will notify you when I finish these steps. School and work has me busy again but please do know I am only following your guide when I return home.

I pressed f8 during startup there was no VGA mode only a low resolution video (640x480) and when attempting to start in that mode for normal windows I received same blue screen.

I believe Radeon Pro saves certain game profiles for your card to run in contrast compare to settings for your desktop although I never really required/used it after it using 1 or 2 times with little improvement.

Ok I am going to attempt what you said but do know I kept my video card's driver up to date through their site you must download the Catalyst Control Center. I did notice when attempting to update video card drivers at one point using their auto updater it detected my integrated graphics and wanted to update those drivers. When I saw this I chose to manually go to their site and enter my card spec. It may have updated just the CatalystControlCenter. Yet after all this I checked My Computer preferences and windows index detected both cards. I did not pursue as games continued to run in their normal glory. I say all this to ask:must I manually delete the old/integrated drivers? and if so how exactly? and how do I get CCC to detect and update the proper 6800 drivers.

Sorry for not being able to do as much today will try to respond much quicker now.

Results of screen317's Security Check version 0.99.57 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 30 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (18.0.1) Google Chrome 23.0.1271.97 Google Chrome 24.0.1312.52 Google Chrome 24.0.1312.56 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````

{586A5957-F21B-C8AD-F5C2-11D4D7DA5340} = CCC Help German {595a3116-40bb-4e0f-a2e8-d7951da56270} = NeroExpress {633414E3-AA2A-CD04-5976-E91F5F871396} = CCC Help Japanese {635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A} = Microsoft_VC90_MFC_x86 {63C1109E-D977-49ED-BCE3-D00D0BF187D6} = Windows Live Mail {67E03279-F703-408F-B4BF-46B5FC8D70CD} = Microsoft Works {6A92E5C5-0578-443D-91F3-92ECE5F2CAE2} = Windows Live Writer {6A9D1594-7791-48f5-9CAA-DE9BCB968320} = Kingdoms of Amalur: Reckoning {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} = Microsoft Visual C++ 2005 Redistributable {7299052b-02a4-4627-81f2-1818da5d550d} = Microsoft Visual C++ 2005 Redistributable {75983B66-804C-40D1-BA13-64DAF652A6F1} = Medieval II Total War : Kingdoms : Americas {769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3} = Catalyst Control Center InstallProxy {7748ac8c-18e3-43bb-959b-088faea16fb2} = Nero StartSmart {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} = Apple Software Update {7AEE1963-7001-4C37-BC20-2FAEB74AA41C} = Medieval II Total War : Kingdoms : Teutonic {7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 = Need For Speed™ World {7F811A54-5A09-4579-90E1-C93498E230D9} = Gateway Recovery Management {812FF572-F216-EBA0-123E-636C1B6EBC5B} = CCC Help Korean {83202942-84b3-4c50-8622-b8c0aa2d2885} = Nero Express Help {832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F} = Microsoft Games for Windows - LIVE Redistributable {837b34e3-7c30-493c-8f6a-2b0f04e2912c} = Microsoft Visual C++ 2005 Redistributable {85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1} = CCC Help Russian {869200db-287a-4dc0-b02b-2b6787fbcd4c} = Nero DiscSpeed {883CCFC7-CA6B-5531-704B-F9A64546B309} = CCC Help Thai {888F1505-C2B3-4FDE-835D-36353EBD4754} = Ubisoft Game Launcher {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight {8BDD3EC9-27E9-E490-7607-AF97FA678046} = CCC Help Italian {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} = Choice Guard {90120000-0020-0409-0000-0000000FF1CE} = Compatibility Pack for the 2007 Office system {90140000-0015-0409-0000-0000000FF1CE} = Microsoft Office Access MUI (English) 2010 {90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-0016-0409-0000-0000000FF1CE} = Microsoft Office Excel MUI (English) 2010 {90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-0018-0409-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (English) 2010 {90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-0019-0409-0000-0000000FF1CE} = Microsoft Office Publisher MUI (English) 2010 {90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-001A-0409-0000-0000000FF1CE} = Microsoft Office Outlook MUI (English) 2010 {90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-001B-0409-0000-0000000FF1CE} = Microsoft Office Word MUI (English) 2010 {90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2010 {90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2010 {90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-001F-0C0A-0000-0000000FF1CE} = Microsoft Office Proof (Spanish) 2010 {90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-002C-0409-0000-0000000FF1CE} = Microsoft Office Proofing (English) 2010 {90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-0044-0409-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (English) 2010 {90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-006E-0409-0000-0000000FF1CE} = Microsoft Office Shared MUI (English) 2010 {90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-00A1-0409-0000-0000000FF1CE} = Microsoft Office OneNote MUI (English) 2010 {90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-00BA-0409-0000-0000000FF1CE} = Microsoft Office Groove MUI (English) 2010 {90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-0115-0409-0000-0000000FF1CE} = Microsoft Office Shared Setup Metadata MUI (English) 2010 {90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979} = Microsoft Office 2010 Service Pack 1 (SP1) {90140000-0117-0409-0000-0000000FF1CE} = Microsoft Office Access Setup Metadata MUI (English) 2010 {90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF} = Microsoft Office 2010 Service Pack 1 (SP1) {91140000-0011-0000-0000-0000000FF1CE} = Microsoft Office Professional Plus 2010 {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE} = Microsoft Office 2010 Service Pack 1 (SP1) {92D58719-BBC1-4CC3-A08B-56C9E884CC2C} = Microsoft_VC80_CRT_x86 {943A8D28-80D6-41DC-AE94-81FEB42041BF} = System Requirements Lab CYRI {95120000-00AF-0409-0000-0000000FF1CE} = Microsoft Office PowerPoint Viewer 2007 (English) {9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 {9BE518E6-ECC6-35A9-88E4-87755C07200F} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 {9DA5221E-15DE-5B0F-D7BE-CCC7305575DD} = CCC Help Dutch {9FD6F1A8-5550-46AF-8509-271DF0E768B5} = Dual-Core Optimizer {A1400F57-65CC-0C22-6461-948EA2837670} = CCC Help Hungarian {A1BF9950-8CDB-468E-83FA-EACFB00EA7D5} = Windows Live Sync {A48CE6DE-1E75-EBE2-8EF7-6E6EA51962AC} = HydraVision {A561BB5F-5A85-5D88-E520-0A4512D5E6C0} = CCC Help Norwegian {A8B72907-B3F5-4C18-2D2B-F5E786A520DF} = CCC Help Polish {A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D} = ImagXpress {AC76BA86-7AD7-1033-7B44-AA1000000001} = Adobe Reader X (10.1.4) {AD219F94-16F2-937F-076A-F22DAA8D0A0B} = CCC Help Finnish {B2B5B39B-4E8C-AC78-7FF1-7055C338D243} = Catalyst Control Center Graphics Previews Common {b2ec4a38-b545-4a00-8214-13fe0e915e6d} = Advertising Center {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 = Spybot - Search & Destroy {B42A6552-1A83-4D79-9137-AB0C9036249A} = Quake Live Mozilla Plugin {B672D77A-8BA3-24EF-3421-8FB8E35E2A8D} = Catalyst Control Center InstallProxy {B6D38690-755E-4F40-A35A-23F8BC2B86AC} = Microsoft_VC90_MFCLOC_x86 {bd5ca0da-71ad-43da-b19e-6eee0c9adc9a} = Nero ControlCenter {BDE646E8-86E0-50E1-37BC-0AEBB2185D76} = Adobe Widget Browser {BDF2A175-ED4D-4CE7-BF4E-2725566D64F3} = XEd {C0698BDA-0D29-40EE-8570-A31106DF9AB1} = Medieval II Total War {C6CA8874-5F22-4AF0-9BE3-016BF299C536} = Windows Live Essentials {cc019e3f-59d2-4486-8d4b-878105b62a71} = Nero DiscSpeed Help {CEDDEE73-3D36-41C2-AA40-29355D9FBD63} = Medieval II Total War : Kingdoms : Britannia {Clear Sky Complete v1.1.3}}_is1 = Clear Sky Complete {D1A19B02-817E-4296-A45B-07853FD74D57} = Microsoft_VC80_MFC_x86 {D92BBB52-82FF-42ED-8A3C-4E062F944AB7} = Microsoft_VC80_MFCLOC_x86 {dba84796-8503-4ff0-af57-1747dd9a166d} = Nero Online Upgrade {DD8ACFF8-098E-130C-2799-BCA4D41EBAB2} = CCC Help Chinese Standard {DE123FE9-B7F6-A75A-920D-3937FB9F06E4} = CCC Help Portuguese {dee20f07-04f7-40f0-99bd-afcbd8377f0d} = Nero 9 Essentials {E2F0AF23-FE2F-4222-9A43-55E63CC41EF1} = Catalyst Control Center - Branding {E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} = Microsoft Office Suite Activation Assistant {e5c7d048-f9b4-4219-b323-8bdb01a2563d} = Nero DriveSpeed Help {e8a80433-302b-4ff1-815d-fcc8eac482ff} = Nero Installer {E91E51A3-57D2-411B-899F-5AB27E900FEF} = DayZ Commander {EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E} = Nexon Game Manager {EACFCDA4-3286-4DEB-92D8-53006239F347} = ArmA II Launcher {EE171732-BEB4-4576-887D-CB62727F01CA} = Gateway Updater {EE253E80-C298-4A31-BB22-7280DC8C7177} = CCC Help Czech {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} = Microsoft SQL Server 2005 Compact Edition [ENU] {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} = Realtek High Definition Audio Driver {F2835483-37F2-4123-B4FE-0E77D58447F2} = Far Cry 2 {f4041dce-3fe1-4e18-8a9e-9de65231ee36} = Nero ControlCenter {F648F088-B270-CF18-6486-AF8B1FE6BC09} = CCC Help English {F6BD194C-4190-4D73-B1B1-C48C99921BFE} = Windows Live Call {F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8} = MechWarrior Online {fbcdfd61-7dcf-4e71-9226-873ba0053139} = Nero InfoTool {FCDBEA60-79F0-4FAE-BBA8-55A26C609A49} = Visual Studio 2008 x64 Redistributables {FD85D9C0-783A-77B7-8EF8-326EC6C154D1} = Catalyst Control Center Localization All {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 A2ACR Data cache removal = ARMA 2 Army of The Czech Republic - Data cache removal A2BAF Data cache removal = ARMA 2: British Armed Forces - Data cache removal Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX Adobe Flash Player Plugin = Adobe Flash Player 11 Plugin APB Reloaded = APB Reloaded avast = avast! Free Antivirus BandiMPEG1 = Bandisoft MPEG-1 Decoder BattlEye for A2 = BattlEye Uninstall BattlEye for OA = BattlEye for OA Uninstall Brawl Busters = Brawl Busters chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 = Adobe Community Help com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 = Adobe Widget Browser ERUNT_is1 = ERUNT 1.1j GamersFirst LIVE! = GamersFirst LIVE! GangLand_is1 = GangLand Gateway InfoCentre = Gateway InfoCentre Gateway Photo Frame = Gateway Photo Frame 4.2.3.10 Gateway Registration = Gateway Registration Gateway Screensaver = Gateway ScreenSaver Gateway Welcome Center = Welcome Center Identity Card = Identity Card InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121} = Gateway MyBackup Kenshi 0.29.6 = Kenshi 0.29.6 Malwarebytes' Anti-Malware_is1 = Malwarebytes Anti-Malware version 1.70.0.1100 Marvell Miniport Driver = Marvell Miniport Driver Mozilla Firefox 18.0.1 (x86 en-US) = Mozilla Firefox 18.0.1 (x86 en-US) MozillaMaintenanceService = Mozilla Maintenance Service Office14.PROPLUSR = Microsoft Office Professional Plus 2010 OpenAL = OpenAL Origin = Origin PunkBusterSvc = PunkBuster Services RadeonPro_is1 = RadeonPro 1.0 (Build 1.1.0.6) Rockstar Games Social Club = Rockstar Games Social Club S.T.A.L.K.E.R. - Clear Sky_is1 = S.T.A.L.K.E.R. - Clear Sky S.T.A.L.K.E.R. - Shadow of Chernobyl_is1 = S.T.A.L.K.E.R. - Shadow of Chernobyl Steam App 102700 = Alliance of Valiant Arms Steam App 105600 = Terraria Steam App 107100 = Bastion Steam App 113420 = Fallen Earth Steam App 1522 = DEFCON Demo Steam App 17080 = Tribes: Ascend Steam App 1840 = Source Filmmaker Steam App 200260 = Batman: Arkham City GOTY Steam App 201790 = Orcs Must Die! 2 Steam App 202170 = Sleeping Dogs™ Steam App 204060 = Superbrothers: Sword & Sworcery EP Steam App 204100 = Max Payne 3 Steam App 204680 = Shank 2 Demo Steam App 205100 = Dishonored Steam App 20540 = Company of Heroes: Tales of Valor Steam App 208480 = Assassin’s Creed® III Steam App 209830 = Lone Survivor Steam App 209870 = Blacklight: Retribution Steam App 212630 = Tom Clancy's Ghost Recon Future Soldier Steam App 214250 = I Am Alive Steam App 214850 = GameMaker: Studio Steam App 218230 = PlanetSide 2 Steam App 219640 = Chivalry: Medieval Warfare Steam App 21970 = R.U.S.E Steam App 220240 = Far Cry® 3 Steam App 22100 = Mount & Blade Steam App 224540 = Ace of Spades Steam App 240 = Counter-Strike: Source Steam App 26800 = Braid Steam App 28050 = Deus Ex: Human Revolution Steam App 33900 = ARMA 2 Steam App 33930 = ARMA 2: Operation Arrowhead Steam App 34330 = Total War: SHOGUN 2 Steam App 35450 = Red Orchestra 2: Heroes of Stalingrad Steam App 3830 = Psychonauts Steam App 400 = Portal Steam App 4000 = Garry's Mod Steam App 40800 = Super Meat Boy Steam App 40810 = Super Meat Boy Editor Steam App 43110 = Metro 2033 Steam App 440 = Team Fortress 2 Steam App 4560 = Company of Heroes Steam App 48000 = LIMBO Steam App 48700 = Mount & Blade: Warband Steam App 48720 = Mount & Blade: With Fire and Sword Steam App 4920 = Natural Selection 2 Steam App 55040 = Atom Zombie Smasher Steam App 570 = Dota 2 Steam App 57300 = Amnesia: The Dark Descent Steam App 58610 = Wargame: European Escalation Steam App 620 = Portal 2 Steam App 630 = Alien Swarm Steam App 63000 = HOARD Steam App 644 = Portal 2 Publishing Tool Steam App 65700 = ARMA 2: British Armed Forces Steam App 730 = Counter-Strike: Global Offensive Steam App 7670 = BioShock Steam App 8190 = Just Cause 2 Steam App 8930 = Sid Meier's Civilization V Steam App 9340 = Company of Heroes: Opposing Fronts Steam App 9900 = Star Trek Online Unity_of_Command_DEMO = Unity of Command DEMO Vindictus = Vindictus VLC media player = VLC media player 2.0.0 Warcraft III = Warcraft III WildTangent gateway Master Uninstall = Gateway Games WinLiveSuite_Wave3 = Windows Live Essentials World of Warcraft = World of Warcraft Xfire = Xfire ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] {74d11f91-05cc-44f6-8e49-94fe7f33c79b} = MechWarrior Online GeoGebra 4 = GeoGebra 4 Google Chrome = Google Chrome SOE-PlanetSide 2 Beta = PlanetSide 2 Beta UnityWebPlayer = Unity Web Player Warcraft III = Warcraft III: All Products ========== Last 20 Event Log Errors ========== [ System Events ] Error - 2/3/2013 5:30:42 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/3/2013 5:33:06 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/3/2013 5:33:06 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/3/2013 5:33:06 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/3/2013 5:37:50 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/3/2013 5:37:50 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/3/2013 5:37:50 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/3/2013 5:40:12 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/3/2013 5:40:12 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/3/2013 5:40:12 AM | Computer Name = Xavier-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 < End of report >

OTL Extras logfile created on: 2/3/2013 1:30:47 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Xavier\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 6.79 Gb Available Physical Memory | 87.56% Memory free 15.50 Gb Paging File | 14.56 Gb Available in Paging File | 93.94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 914.41 Gb Total Space | 265.36 Gb Free Space | 29.02% Space Free | Partition Type: NTFS Computer Name: XAVIER-PC | User Name: Xavier | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</extension> .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</extension> .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]</extension> .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</key> batfile [open] -- %1 %* cmdfile [open] -- %1 %* comfile [open] -- %1 %* exefile [open] -- %1 %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation) InternetShortcut [open] -- C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- C:\Windows\System32\rundll32.exe C:\Windows\System32\mshtml.dll,PrintHTML %1 (Microsoft Corporation) piffile [open] -- %1 %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- %1 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- %1 /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue %1 () Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue %1 () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</key> batfile [open] -- %1 %* cmdfile [open] -- %1 %* comfile [open] -- %1 %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation) exefile [open] -- %1 %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation) piffile [open] -- %1 %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- %1 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- %1 /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue %1 () Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue %1 () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] cval = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] VistaSp1 = 28 4D B2 76 41 04 CA 01 [binary data] AntiVirusOverride = 0 AntiSpywareOverride = 0 FirewallOverride = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] DisableNotifications = 0 EnableFirewall = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] DisableNotifications = 0 EnableFirewall = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] DisableNotifications = 0 EnableFirewall = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] {012975AD-CFC0-4EF7-9D3F-BA84CFE174F9} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | {0505F9AA-1DA7-4734-836C-EE41DFF88AA1} = lport=138 | protocol=17 | dir=in | app=system | {0873EA82-D955-4028-8CBA-3CA2CBC37CB3} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | {0E946B55-5621-4825-8173-ECC29D7F7795} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | {16558D7F-E46D-468F-80D0-02A2259D05A4} = rport=138 | protocol=17 | dir=out | app=system | {245F8EA6-0D79-4263-B761-AC01123FC65C} = lport=10243 | protocol=6 | dir=in | app=system | {6D151FB0-B34C-4B44-A89E-BCE87D4984DE} = lport=139 | protocol=6 | dir=in | app=system | {6D45E8EC-0F4A-4416-A4A8-A3B7F72FA888} = rport=139 | protocol=6 | dir=out | app=system | {726DA12E-C54A-472C-A655-49635BD7023E} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | {8A613F17-C9B5-4472-9816-568642C8E014} = rport=137 | protocol=17 | dir=out | app=system | {8BC1C17B-F208-45D9-8BB6-705A178192F2} = lport=445 | protocol=6 | dir=in | app=system | {8FB3B2FF-ED39-45F5-8274-61DB69DF04F7} = lport=2869 | protocol=6 | dir=in | app=system | {92770B21-D231-4D0C-9A59-EC216EB9D73D} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | {97203996-68F0-4F07-91D4-A4109D946417} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | {A984CDD6-17B4-4C92-8704-39F8A7141524} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | {AB93F481-3C23-4D7F-8F73-0AFD6E96EA7C} = rport=445 | protocol=6 | dir=out | app=system | {AC59AD46-F27B-4275-93DD-1B8C956591E0} = lport=2869 | protocol=6 | dir=in | app=system | {AF1A2B3F-DFF5-40FF-8E2C-46C9966740BA} = lport=137 | protocol=17 | dir=in | app=system | {B1228B54-783B-4EA9-A9F7-E404FF1AD9A7} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | {C19674FF-7E23-4CA6-8729-D9E66CDC939D} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | {D90F1B82-1794-40F3-A7B2-DFD89030ED55} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | {DD175980-F560-475B-AEC3-48F06A0FBA20} = rport=10243 | protocol=6 | dir=out | app=system | {DFB78595-CDDB-4ED2-93E8-ACDEABA72E72} = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | {FCEC3C04-DA18-4F02-9AD9-25A1A16ECE25} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] {00647342-81B9-4803-A584-158641D5F1F2} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | {00B90E11-32B9-478C-B4B7-4AF8DC578A22} = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | {017A305B-34B7-4D23-8864-53E5CF1CE073} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | {05BECB7F-66AB-4184-9D96-6E1B66DF60F2} = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {06C09C40-71AB-46FE-9EE4-714FE945E1F0} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | {08312CF2-F783-44DC-821B-AEE7BD003B35} = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | {085802F9-F69C-48E5-9E04-B7F794CF5C47} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | {08C3D6DF-78C5-4F0A-9872-67F8CDA50407} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe | {09D2D643-BDCD-419C-9DEC-C2BB7904F693} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | {0AF74C42-1872-4215-B152-49111C946B11} = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | {0B9D4813-7ED8-4809-8EE1-56AA7FF4729D} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | {0E178747-4079-42D3-95F2-9F263425DB26} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe | {0F64D740-F8CB-4C2E-B373-5DC64B04A9B5} = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe | {0F7F406D-CDA1-45EE-B261-2FF84DE7A275} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | {0FA1422F-56B1-4232-86D4-845BBE7AF5E1} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | {0FFB1BB4-7669-4187-8717-844685BFA2D6} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | {106D218D-1733-4C52-AA46-3F22057C391D} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | {10F8071D-BBC7-4AE4-8E68-E3DB64095410} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | {1324A541-DA15-4A9B-80C3-73A130C662C8} = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | {13AE9DDB-E2D5-4AC4-A7B0-4CB0A3B6B338} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | {13C50EAB-81A8-454D-9485-5379E2EA080B} = dir=out | app=%programfiles% (x86)\kalypso media\tropico 4\tropico4.exe | {15189B27-6A40-44AA-BDB8-D568DF21E9DA} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | {153C814E-CF20-43D4-BC47-921F51E714FE} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xmon13\counter-strike source\hl2.exe | {16148049-2A55-47DA-AF91-8F5BF82A1AAA} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | {162E16B1-40CA-4C8D-AF16-27E36D762A23} = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | {1678309C-13F9-4B90-A16D-9FA16B2CEEA5} = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | {16869910-1E05-4C67-89FB-4BCC59844D43} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | {17BAD86F-3D9F-4D82-9106-E9273CDF989F} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe | {182A2DDF-D37B-4F66-9971-B2EF6E3E9BDC} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | {18A0CDE2-AA1C-43A1-BC1B-66B82B268772} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | {1B77A81F-D427-4D46-91A5-1F3762FB1598} = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | {1C437299-388A-43D9-9E8C-AF24664ED1BF} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe | {1C58ACBE-7D05-48FC-A360-8DE69D8925FD} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | {1D337DFD-EFF1-4730-8942-9077D1E00C72} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | {1EEB8818-B726-447B-9E32-E72A7C7BA316} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | {1F1C61D3-E58D-4B27-A3F2-7AF3422BED97} = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | {1F5C96F3-585E-4A71-87FA-7415EEE37C21} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | {1FB8EF1C-0385-4976-9A7F-9B579D2EAAF5} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe | {20B4C870-F8EA-4D4D-974E-BCBFF4B5D7EF} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | {2312864F-2807-46A2-9C27-057387778B0A} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {23728834-7864-4094-B8F5-B544F80FD42B} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | {24C0A487-CE9A-4907-9BAE-3244DA515EF1} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | {2500B04B-2A80-4B3C-9850-0AC2F85530C8} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | {2644429A-58F0-4832-A44D-7FB7E3BA25AC} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | {269A1DB8-DADC-4802-A434-61F2152918E6} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | {26A8CD56-26AF-4C8B-8892-AC763D78A261} = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | {2895475D-EB7C-4BDC-AC6E-AC1BDBFE97DA} = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | {2C19D125-4CE2-48D8-8D47-513C5C69A1F2} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4 - demo\tropico4-demo.exe | {2CFF2889-7BEC-4A0D-88BD-BFE58C656511} = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | {2D7A86A4-B9E7-40D0-9243-49D0D4581CEA} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | {2E034F6A-C9C4-4FAC-9A3E-223068A30D90} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | {2EECA0DB-1F41-4B36-B17B-67F1AD6B4800} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat | {2FB71ADF-46C4-43BA-AC8B-6BED6C34CFA8} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe | {330A8765-A954-4C2A-921D-DB8EA8469508} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | {33207665-2DFD-4A71-AEDA-023FB6F0F4C1} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | {33BBB649-2CF2-4A53-BC87-301FE48616E9} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | {33BDACCE-7DA1-40C0-ABAF-3533A7BACAEB} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe | {341C6264-9501-4151-92A4-E7D10B48ECA5} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | {34A0931C-C929-49BC-93F4-E7FEBE0E39E6} = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | {35151095-7B32-4868-8ED4-8484159DA776} = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | {35D4AF7A-E6D3-44BD-8ED9-18174EF628C3} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | {36AE1C9B-4230-484E-B854-2389735B4CFA} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe | {36EFA68D-2E26-4D79-9EF2-95CD8B4C4AF5} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | {376BC588-DDA0-4ABD-891A-BD4472787B43} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | {37810D1D-4E74-4AAA-9342-36BDC37850B5} = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | {3923323D-E546-43F7-8DCD-B0E99BBA6543} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | {39EDF2F6-036E-42AE-98FB-F867C8C16329} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | {3A07F9B6-3B1E-47A8-B5CA-3CD4D51AC150} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier.exe | {3A90D108-B9A6-4F6A-B903-B4D14B5B5C3A} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | {3D095A7D-BDEF-4183-8C4F-9394B17C1DB2} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | {3D15AB11-553A-4E94-B182-CDF732AD54C3} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\i am alive\src\system\iamalive_game.exe | {3D7A1F3A-BBE8-491D-9286-29B6DF2849D2} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\i am alive\src\system\iamalive_game.exe | {3DBDCD35-F532-45D4-84E6-94A6796E15C0} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | {3E06C7D8-B821-4DF2-87C7-2558DF3447E8} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | {44C26DE6-FB9D-4062-B57A-8FA2D69F8FFE} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | {4644F784-563C-4217-965E-99809B363F53} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | {479F0357-7C85-4750-A32B-62BE5D1AB6DB} = protocol=6 | dir=in | app=c:\program files (x86)\end of nations beta\rtsclientg.exe | {48D902B9-C9F2-4C26-A975-B3D4AB2CD621} = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | {4B886244-C3CC-46B4-9F10-5B24167C53EF} = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | {4BB6CB9B-3BBE-47D3-AF8D-B6CE688C0CE8} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {4DA56A40-1FA7-43C8-B04B-3B8FE6F3F6DE} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe | {4DE02F25-F3BB-47D9-87BC-C3B40B1EBC52} = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | {4ED21217-28BD-44F8-8C96-EFD0F7FE841E} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | {4F265CB8-63A5-4393-A810-42E175E7ACA2} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | {4FB7DE4E-7D18-4683-8B2F-2E2C1C427130} = dir=in | app=%programfiles% (x86)\kalypso media\tropico 4\tropico4.exe | {4FDFD114-6448-45FC-86EF-ACA1B02E87A9} = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | {509AB999-4C31-4AF9-820E-95D31DF7EF21} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | {52146926-698D-4311-933C-E46A85B2A059} = protocol=17 | dir=in | app=c:\program files (x86)\end of nations beta\rtsclientg.exe | {53ADD39F-9589-4B7F-BD07-66B29E9A6ABD} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | {54812C77-6685-4658-9D92-019AD6DA6B58} = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | {56A0CF95-8ADF-4A4E-8D80-7A52E08C492C} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | {58202256-6C09-4D5C-A55A-3CB5376470B8} = dir=out | app=%programfiles% (x86)\kalypso media\tropico 4\tropico4.exe | {5848E37C-16A1-47C6-B1CA-CDCB2EDF1932} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | {5A8A4BE0-D1E0-472F-B53A-BD3CB71FC046} = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | {5AFA5350-A525-4EB0-A3DE-24CF33C91532} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | {5D47B625-F120-4E79-9AE7-1A52C5F66D68} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | {5EADFCC9-62AF-403F-B8A7-7C90A9F0C462} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe | {5F3A9696-17FB-4CE7-84C4-208191C34B10} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | {602E7DD0-696B-486E-AE94-1BD32BDFC6B3} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xmon13\garrysmod\hl2.exe | {6172BB91-69CD-476F-B7A2-9BCCB7B7FF9E} = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | {6181D7ED-C59B-4242-B2CA-92A3524E7D76} = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | {62A2454E-5812-49BB-89DE-B60A68A50191} = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | {63ACCF62-77F6-4D09-BB6E-02943D17F19B} = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | {640A6A18-19F7-4FBE-87C3-8694F683DAB4} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {642B3F1C-5086-4184-A2C4-9963D398E8D8} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe | {649D2437-5793-4501-8DDE-9B23D4E9516D} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | {65AF663A-96AF-4797-BA66-BACC626F90DB} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | {66170F4F-0530-47D6-A438-76EB2D8055F8} = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | {66AFD9EE-E0B2-4325-B4B9-467C9AEADC12} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe | {6710D5AF-718F-4B51-8148-F520EB9ECC57} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | {67386F58-E197-4FB6-AD89-E76FC82904A7} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | {6CB098CD-B266-4BDD-AC56-FC28F9B2D527} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | {6CDEE042-0C31-4040-8BD7-8B38F81DDCDB} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hoard\win32\reuben.exe | {6D41539E-D7C4-4F21-AA04-3D9829624FE5} = protocol=6 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe | {6D41561F-9013-4B1B-8D26-B83EF725763B} = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | {6E1688DF-88B8-451A-A3B3-1F02115004C9} = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | {6EE19CAB-DF1F-4C0B-BF9E-60E5AABB586F} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | {72011B03-C234-41D7-AE88-B40651569866} = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | {720CC696-A214-48BC-91A4-11C9376968A4} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier.exe | {7403CB69-C364-459B-BB5C-CAE37EDB3468} = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | {752F6B80-4333-4961-B10C-82F56F479E8F} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | {755BC9BF-FC58-474F-B601-1643F3DBA537} = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | {7626FDF2-3208-4B50-93DE-E16B4158C1F4} = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | {7766D467-7CBB-476D-8B5D-7D4B07922D6D} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | {7958E7EE-CCA3-4324-A54F-326D84E691A2} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | {79980368-3E0C-4EFE-A0CA-DBED318837EA} = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | {79C8F3B9-FEA7-4844-A691-34A2A703F14D} = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe | {7AD8D13F-DB2C-4ED8-8CD0-ACCC820EB902} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank 2 demo\bin\shank2.exe | {7B6A2478-FB0F-41D6-8025-F250857ADFA0} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | {7B71D3FB-338D-4890-B8B5-52EDFA3E62A8} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | {7BCA125E-8F41-4588-8EBE-98C44BEFA65A} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | {7C78DF30-930E-4103-9C50-34BBE2011471} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | {7E9FDAD4-7E14-49D0-A3FC-A933605BF19F} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | {7EC1D5B6-ECDA-4FF4-AE7C-33487427C8F9} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4 - demo\tropico4-demo.exe | {7FDB7508-5108-41FF-BC50-6015AAE02C6C} = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | {80EA7F10-E334-4178-B342-7F5E5AFD440D} = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | {8404DC9E-3B5F-47D3-934E-641F589C935C} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | {850FF96D-8BAD-4D25-A7B2-81BCFD585373} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | {853C4A4A-8D1D-4F97-95F7-19A36E390458} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | {856E8AFC-7E5E-4941-ABDB-11A3BFC5A4C1} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xmon13\garrysmod\hl2.exe | {85D9B295-3C75-4521-89F7-21245A40FE52} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | {85F9018C-C253-4699-AA0D-5E9328D02020} = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | {878F7CF4-F022-4351-9E38-7FBBE2365AA5} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat | {899EACC1-1BD3-40AF-8034-28F237C1C5B2} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe | {8C58E512-C608-4D6B-808B-DD8CD45A32E7} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | {8EBD9A0A-40D4-4981-BC8D-28D4FED7ED43} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | {8EFA6965-8881-48CF-95F4-2BA22F42C290} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hoard\win32\reuben.exe | {8F8FA620-5A92-4350-BBE2-43A3196D45C5} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe | {91417703-B389-4A55-97F8-2FE15341DB37} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip marauders\prism.exe | {914ECF50-EF4A-40B8-8FA0-FCBBD59C0E0F} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | {927954D7-3F4E-4161-8D2A-24858F67BB40} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | {92E016BA-F212-44AC-B4A2-427BEC468D8E} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | {939047AE-255D-4F46-AC84-FE21E935CD95} = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | {944213D8-4AE6-4117-AB3D-62BC3B975F1C} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | {944517B4-B425-44BB-835F-EA7798CE1864} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | {94C06FA9-72D9-4741-9A06-01C2AAAE6032} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | {94E1E6BE-74A2-4BD7-9F1C-35B10E8EC87F} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | {95FE5243-4E57-400C-8171-48EDCE19D29A} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xmon13\garrysmod\hl2.exe | {96B8221C-77A6-4FDD-9275-AEDD13F63D94} = protocol=6 | dir=out | app=system | {97604E57-5F5E-4F8B-ADBA-B556BEDB841F} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | {98BC3356-DCEE-4B1B-923E-8CE8F552F1CA} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe | {99A0070B-6353-4681-8DE7-71B531F9973D} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | {9B0CDF6B-A889-4F0A-8157-7C474DCD4D5A} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | {9B5C1B5C-697E-426F-B816-AA1CCD5DCF2D} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | {9D2BBD4E-FACD-4F9A-B93B-D70185BA589D} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | {9DCFB3ED-D7B6-48AE-BC90-FBAA5C77BA06} = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | {9ECFF573-142E-4E5E-8AA9-2F866E5676E4} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | {9F53124F-EF87-41E3-AE13-2067F1DC5391} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe | {A09AF173-03A7-4A5B-B08C-932155BC1025} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | {A0BFDD58-99C1-4BA9-AFE1-F3BCD81AFE34} = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | {A1080472-4168-4143-B401-549DC3C7A836} = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {A1196942-2641-44D1-8B54-B8D1809A3AC9} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe | {A12177DC-9206-4635-B9E8-4B01F19FD1A2} = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | {A271D437-DEA8-44DF-9EC0-DF42F2868912} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xmon13\garrysmod\hl2.exe | {A2AB2C1E-E092-44D9-8FC6-1B48FB2E6DFF} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe | {A2BE7091-A333-4C29-BBD7-A1E83127A963} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | {A53D0198-DC08-42F1-992B-544B3361CED3} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | {A5EF065F-C498-408A-94C9-1293D19B1A2C} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | {A6C80F1F-F878-412B-90C1-60BD368080B8} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | {A6E24AB2-A879-47F6-B311-885530DD176C} = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | {A6ED7886-44E6-4330-A24A-75F7A7C03222} = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | {A8080235-8E90-41FA-BF88-CC520BCF64BA} = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe | {A89FC550-883D-4916-A79B-9BC45B79A623} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron grip marauders\prism.exe | {A8D7C5DD-2C04-4CEC-AE98-EB5A12000434} = protocol=17 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe | {AC37FAAD-5DB0-4200-A832-3F637111EB9F} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | {AC3E0788-3D96-4191-BF90-D6F2EE2396A8} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | {AEBE8609-7931-4A17-9B60-0D460D153D63} = protocol=6 | dir=in | app=c:\program files (x86)\end of nations beta\clientlauncherg.exe | {AEF8AB0C-8EFA-42F3-A47E-CB87CF237530} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | {B05F79ED-D6F1-4C21-A126-57056D77E40C} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe | {B117AE4D-BD44-44BD-A67B-9276ACF755AB} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | {B16C6466-EF6F-4CAE-82BC-9111C71F8165} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | {B29113A1-66A3-4C20-A2A4-60DA81993942} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | {B5F9A9AD-950C-4B05-AD6F-0ECA01790B9E} = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | {B61A78E0-6B2D-4B45-9E2C-DF80A4D3EC64} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | {B74A5A66-E152-4B9D-9D8C-3C0F76DEAC53} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe | {B8398588-E7C1-4EA5-B286-77A8F1C5C502} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | {B8AC3088-368C-4388-82FC-346B9D6552F3} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | {B8D369F3-C38E-485C-888A-BE33F48569CD} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | {B944B7DE-463D-484B-A5C7-785F67E324D5} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | {BA1FB8BE-B995-4567-A888-6F602411C109} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | {BBC04D76-DBD2-465B-B13F-6F20077F090F} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | {BBFB85F9-ABCF-48BC-B5C7-BF774E4F0E45} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | {BC021986-13CB-43FD-86D8-375D71303C4D} = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | {BE9CC1F9-1455-4509-B9E9-DC89A3AC4382} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | {C2211CF9-AD6E-4D50-A7CF-91098AF19937} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | {C2C606F9-9872-4E81-BD4A-60924C133151} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe | {C3F90FB0-7688-4DF8-951D-CF520D3FEBE4} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | {C4432BF9-FE94-49CB-87CE-D14571876776} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | {C44535F7-D58A-4661-9D49-EA9F2353084D} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe | {C4554FCD-CCC5-4CF6-9AD3-92EA742A8A68} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | {C7D4B5D9-1AF4-44CF-8227-7257067F4622} = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | {C80EB01D-5E5E-4CF0-A5CE-35451DF099E0} = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | {C945BC4C-BA38-4A7D-9705-34E61A841F2A} = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | {C9E7F6BE-AFDA-49A9-9237-635502C90FF9} = protocol=17 | dir=in | app=c:\program files (x86)\end of nations beta\clientlauncherg.exe | {CC5DCFB3-4223-4C47-96F2-EB95C6AC3455} = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | {CCF5EB33-04C1-4E9F-9F54-03238AF7F7A3} = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | {CD48DBC9-CAF4-470E-9AE7-624C7BC6BAEB} = dir=out | app=%programfiles% (x86)\kalypso media\tropico 4\tropico4.exe | {CE36DD17-5DAD-4CEA-AE3B-073DA7A17247} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | {CE5DFAF9-0E39-42F8-9256-9BD2E1C7E7EF} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe | {CE73F451-1974-4027-904F-0A5E65A6FA94} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | {CF094149-358B-4F00-9D38-DC5827556686} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | {CF6910F7-47EF-4460-ABD8-40886A6DA523} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | {D086881A-E9E9-4BC8-B155-8628A8B589CE} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | {D144E7F9-632C-40B9-8A09-22805E40B9BC} = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe | {D5FFAF41-0FEB-4D7D-A95D-BF1871E7FF3C} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3mp.exe | {D62DD740-219F-4B58-983E-3F27E484E856} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | {D6BBAE53-1159-4A72-943D-69C699D1B3F6} = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | {DAC7DF50-7892-4DA2-881C-572E5BE7E4A6} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | {DB4778D3-4547-4118-8073-A89DD46DAF85} = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | {DBDEE9BB-AC03-462B-ACA1-6C854119976E} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {DCB7FD64-4F53-48D1-9BD3-F922019B80C1} = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | {DD36488C-3331-4E41-8784-E6FE711A7F2E} = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | {DE66265F-816B-4308-B4AE-6024183AAAA1} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | {DEC3DA21-7C76-49A6-8755-300171E8A977} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 3\ac3sp.exe | {DF398276-2E63-488C-B2AD-5EACA41F1027} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe | {E0A7CCF5-4486-4801-AC05-1494896BA9E3} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | {E0B3B18B-A3B0-4263-8194-7DD051A7C957} = dir=out | app=%programfiles% (x86)\sins of a solar empire rebellion\sins of a solar empire rebellion.exe | {E0E79932-329D-4448-A5E3-EE4240F60B41} = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | {E1EE2BF2-0ED5-4235-9358-91685E419F9F} = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {E256613C-653F-4766-A657-3A25BF717CFB} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe | {E28D15D5-5A50-48EA-A137-293128AA626F} = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe | {E4E01416-ABC5-41D6-B7EB-F3352C4C6E8E} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | {E545BD05-0D44-44AD-B416-198FC448B8E9} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe | {E65F8C3A-05E1-451E-A0FF-D574B5964171} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | {E66BDB61-4D64-4D83-9AA5-B35A992FC3C7} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | {E7739624-4345-4210-A215-7069E494027A} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | {EBB06A8B-764C-40C5-982C-C6DB15AC6775} = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe | {EC145B3B-993A-4D6B-9045-6E851285CAE2} = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | {ED08CE4B-035A-42C6-8CB4-77608D0D037D} = dir=in | app=c:\program files (x86)\itunes\itunes.exe | {EE56C81A-9F82-40E2-9939-E888A9314E1F} = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | {EF6E86DE-A3A1-4D27-A50C-86DBFBE531C7} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | {F2740E44-56F6-4216-B581-7FD2EC948664} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | {F56CC84B-4898-4628-BD41-4B656ED6ABB5} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xmon13\counter-strike source\hl2.exe | {F8F0CF3A-9B31-4558-9611-CC242B288AB3} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | {FB5BFB34-57F5-49E0-A774-837EDD0E0F4C} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | {FBCFDFDA-5EF4-408A-90D5-713DED42DE7E} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank 2 demo\bin\shank2.exe | {FC055585-1B02-4C0F-B6AE-069162D0E119} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | {FD3E4735-B61F-4F03-8B58-C26BD79C26BF} = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | {FD7BF65F-3BCB-4420-B2CF-6E21FFE28ED9} = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | {FEBB50D6-9160-4DBA-A2F3-995869B4B9E4} = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | TCP Query User{0938184E-F463-4020-99D4-05D5F6478A4B}C:\program files (x86)\steam\steamapps\phuer\counter-strike source\hl2.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\phuer\counter-strike source\hl2.exe | TCP Query User{10818B35-790F-4C53-BBE9-E52271AAD682}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | TCP Query User{19F2E2FE-07CC-4A48-839F-FA552EDF4DF2}C:\program files (x86)\warcraft iii\war3.exe = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | TCP Query User{1FEF88EA-EB9D-4EB8-A846-8EA0374A725E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | TCP Query User{303E1563-225D-4BEA-896D-6FD819FA4D9A}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | TCP Query User{31C5BD0C-EE4B-4BBB-8DEB-85416E6AFC1A}C:\program files (x86)\java\jre6\bin\javaw.exe = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | TCP Query User{3B4C39B9-A9ED-4C70-BAA0-9A286134C8F1}C:\program files (x86)\xfire\xfire.exe = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | TCP Query User{4FDF477F-187D-407E-ABF5-56E4FD9FA42C}C:\program files (x86)\world of warcraft\backgrounddownloader.exe = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | TCP Query User{5236709D-36A6-4533-BBCD-45426495D318}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | TCP Query User{5C727EDA-5813-465D-B287-D863564912AC}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | TCP Query User{72F73B24-E35B-4959-9B8D-A1F2F7C8C134}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | TCP Query User{7BA408FB-961A-46EA-989A-99406E0E4A43}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | TCP Query User{7F27316D-1AE5-4331-8988-9F7F24CEE5AD}C:\program files (x86)\steam\steamapps\poor_lil_rich\counter-strike source\hl2.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\poor_lil_rich\counter-strike source\hl2.exe | TCP Query User{82EF1DB7-22A1-4667-8E0B-46519AB00508}C:\program files (x86)\oovoo\oovoo.exe = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | TCP Query User{9F322741-E8B0-490A-B637-7F6254D09619}C:\program files (x86)\steam\steam.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | TCP Query User{A534440F-07D4-46D9-B467-9B878E667B7C}C:\program files (x86)\steam\steamapps\xmon13\team fortress 2\hl2.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xmon13\team fortress 2\hl2.exe | TCP Query User{C04A8AD7-A634-48C5-9C69-186B92145F8A}C:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | TCP Query User{C0FAA5E0-B932-4F41-BAE0-2E367C30EA32}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | TCP Query User{C869F50B-C69C-4783-8E41-1067546F8361}C:\program files (x86)\1c company\men of war. assault squad. game of the year\mow_assault_squad.exe = protocol=6 | dir=in | app=c:\program files (x86)\1c company\men of war. assault squad. game of the year\mow_assault_squad.exe | TCP Query User{CD67E1FB-96DC-4FB2-96E2-D0DDC4553A63}C:\users\xavier\documents\arma 2\expansion\beta\arma2oa.exe = protocol=6 | dir=in | app=c:\users\xavier\documents\arma 2\expansion\beta\arma2oa.exe | TCP Query User{D45656AB-D910-466D-B95E-A65455FD4592}C:\program files (x86)\ground control ii\gcii.exe = protocol=6 | dir=in | app=c:\program files (x86)\ground control ii\gcii.exe | TCP Query User{DBB40AF4-6741-4B51-B220-7E498EE87D98}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | TCP Query User{DBD718A5-2888-45A1-88C0-09F5878FE8DC}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | TCP Query User{E40ADD8F-9645-496D-B87A-DBC258FB086F}C:\nexon\vindictus\en-us\vindictus.exe = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | TCP Query User{ECE50958-A43B-4C25-8F4F-D95110273EA3}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe | TCP Query User{FBCCE30B-D06D-4B5B-96CA-2809273B52ED}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | UDP Query User{01CC68FF-2ED2-4FA2-AD61-C1447909E291}C:\users\xavier\documents\arma 2\expansion\beta\arma2oa.exe = protocol=17 | dir=in | app=c:\users\xavier\documents\arma 2\expansion\beta\arma2oa.exe | UDP Query User{0F7CAED0-D567-42B7-B30A-1DFCC73F8E54}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe | UDP Query User{181330E9-E589-4AD2-BC58-3F8D976DDB95}C:\program files (x86)\ground control ii\gcii.exe = protocol=17 | dir=in | app=c:\program files (x86)\ground control ii\gcii.exe | UDP Query User{1A64AFE1-9CC6-4812-B65E-16B1E7817C22}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | UDP Query User{202EF9D1-757C-4DCE-B30E-8077001C6020}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | UDP Query User{3C70AE4C-380D-47FA-B711-1D4A5A7EA32E}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | UDP Query User{46BE8817-DEF6-42AD-BBF4-20CD8704B61D}C:\program files (x86)\world of warcraft\backgrounddownloader.exe = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | UDP Query User{4C56C870-D132-4682-949C-BDBACA73562A}C:\programdata\electronic arts\need for speed world\data\nfsw.exe = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | UDP Query User{5059B150-94BC-4E8C-929B-433C6C226FB8}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | UDP Query User{687F6361-A8B1-4662-8BE9-8C52015EEC9E}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe | UDP Query User{6E9AECF7-10A3-4B46-A415-8B1D01138A9F}C:\program files (x86)\steam\steamapps\xmon13\team fortress 2\hl2.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xmon13\team fortress 2\hl2.exe | UDP Query User{75653517-A856-4003-A4E2-F2842465DB7A}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | UDP Query User{77CA883E-85F6-4DC5-B55F-AF098F644E05}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | UDP Query User{7D342530-B903-4332-8210-B8FE063776E7}C:\nexon\vindictus\en-us\vindictus.exe = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | UDP Query User{7EB6FF77-1C8A-4F86-8A27-0F239F8E5256}C:\program files (x86)\steam\steam.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | UDP Query User{8C8B7A3C-62F7-4B2C-874D-C7C05CDB75F9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | UDP Query User{9A7A066B-DE87-4553-BFF0-B8501461137C}C:\program files (x86)\1c company\men of war. assault squad. game of the year\mow_assault_squad.exe = protocol=17 | dir=in | app=c:\program files (x86)\1c company\men of war. assault squad. game of the year\mow_assault_squad.exe | UDP Query User{A8AB9CED-4792-4F83-BB0A-401760FD07B7}C:\program files (x86)\steam\steamapps\poor_lil_rich\counter-strike source\hl2.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\poor_lil_rich\counter-strike source\hl2.exe | UDP Query User{AF242162-F8BB-45AB-A25E-F51B6854EE91}C:\program files (x86)\warcraft iii\war3.exe = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | UDP Query User{BD1B2655-C90C-410E-90CA-7FB4B8711EE1}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | UDP Query User{C0E41193-BAF1-42FC-9872-D8EC956ABFBC}C:\program files (x86)\java\jre6\bin\javaw.exe = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | UDP Query User{E2B566A0-CD79-42C1-9884-46D8C848FA4E}C:\program files (x86)\steam\steamapps\phuer\counter-strike source\hl2.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\phuer\counter-strike source\hl2.exe | UDP Query User{E2E10C31-6B3F-42C9-8232-831625A15D4E}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | UDP Query User{E5010090-0FAA-4136-BB4D-B1129E180768}C:\program files (x86)\xfire\xfire.exe = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | UDP Query User{E6CD300A-B4BB-4582-86F8-60780946C96E}C:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | UDP Query User{FD98D8BC-B314-4681-8796-A47E999CD175}C:\program files (x86)\oovoo\oovoo.exe = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] {071c9b48-7c32-4621-a0ac-3f809523288f} = Microsoft Visual C++ 2005 Redistributable (x64) {116C20CC-0843-1FC0-2AE8-BD3535911B36} = AMD Drag and Drop Transcoding {119B2F5A-2A06-DB96-FF28-992EC2A10BDF} = AMD Accelerated Video Transcoding {1D8E6291-B0D5-35EC-8441-6616F567A0F7} = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 {26A24AE4-039D-4CA4-87B4-2F86417003FF} = Java 7 Update 3 (64-bit) {30CAD3B3-7EF6-4087-2A50-97EF66966776} = ATI AVIVO64 Codecs {330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1 = MotioninJoy Gamepad tool 0.7.1001 {350AA351-21FA-3270-8B7A-835434E766AD} = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 {44B4F244-5B4D-856E-B3A6-E8DDBDC7F127} = AMD Fuel {4B6C7001-C7D6-3710-913E-5BC23FCE91E6} = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 {503F672D-6C84-448A-8F8F-4BC35AC83441} = AMD APP SDK Runtime {59B69525-1383-C84A-38EF-F442B63E69BC} = AMD Media Foundation Decoders {5E03A267-415E-5383-FA8F-3CE4145663B9} = AMD Catalyst Install Manager {5E11C972-1E76-45FE-8F92-14E0D1140B1B} = iTunes {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} = Bonjour {75104836-CAC7-444E-A39E-3F54151942F5} = Apple Mobile Device Support {81BE0B17-563B-45D4-B198-5721E6C665CD} = Microsoft Lync 2010 {8220EEFE-38CD-377E-8595-13398D740ACE} = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 {8E34682C-8118-31F1-BC4C-98CD9675E1C2} = Microsoft .NET Framework 4 Extended {90140000-002A-0000-1000-0000000FF1CE} = Microsoft Office Office 64-bit Components 2010 {90140000-002A-0409-1000-0000000FF1CE} = Microsoft Office Shared 64-bit MUI (English) 2010 {90140000-0116-0409-1000-0000000FF1CE} = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 {95120000-00B9-0409-1000-0000000FF1CE} = Microsoft Application Error Reporting {9B48B0AC-C813-4174-9042-476A887592C7} = Windows Live ID Sign-in Assistant {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} = Microsoft Visual C++ 2005 Redistributable (x64) {C8388DCB-6F85-C11F-C9F4-D636960E60F5} = ccc-utility64 {DA2737A4-B639-96F4-1CC2-30D2919EE1FB} = AMD Steady Video Plug-In {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} = Microsoft .NET Framework 4 Client Profile 7F4303078887B33BF9E472598BB463CBE007C68E = Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (06/22/2009 6.0.64.0059) LSI Soft Modem = LSI PCI-SV92PP Soft Modem Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended = Microsoft .NET Framework 4 Extended NVIDIA Drivers = NVIDIA Drivers sp6 = Logitech SetPoint 6.32 TeamSpeak 3 Client = TeamSpeak 3 Client WinRAR archiver = WinRAR 4.11 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] {0215A652-E081-4B09-9333-DC85AAB67FFA} = Adobe Dreamweaver CS5.5 {02A10468-2F1C-447C-AD8E-4DEDDEA25AE2} = Medieval II Total War : Kingdoms : Crusades {033E378E-6AD3-4AD5-BDEB-CBD69B31046C} = Microsoft_VC90_ATL_x86 {048298C9-A4D3-490B-9FF9-AB023A9238F3} = Steam {079A4EB2-9A74-7B86-12C2-00B52E395801} = CCC Help Danish {08D2E121-7F6A-43EB-97FD-629B44903403} = Microsoft_VC90_CRT_x86 {0AAA9C97-74D4-47CE-B089-0B147EF3553C} = Windows Live Messenger {112DDD07-E419-2498-1E9E-2157F82AF5AA} = CCC Help Turkish {12A00DC2-1226-D9F2-13DA-F974111D439E} = AMD VISION Engine Control Center {19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20} = Microsoft XNA Framework Redistributable 3.1 {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 {20400dbd-e6db-45b8-9b6b-1dd7033818ec} = Nero InfoTool Help {205C6BDD-7B73-42DE-8505-9A093F35A238} = Windows Live Upload Tool {21C41BAF-6F62-469D-A43B-DDF01628346E} = Ground Control II {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} = MSVCRT {2348b586-c9ae-46ce-936c-a68e9426e214} = Nero StartSmart Help {26A24AE4-039D-4CA4-87B4-2F83216030FF} = Java 6 Update 30 {287ECFA4-719A-2143-A09B-D6A12DE54E40} = Acrobat.com {2993B157-97AE-7981-F29A-E6575F991CDB} = CCC Help Swedish {2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} = Microsoft XNA Framework Redistributable 4.0 {2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22} = Six Updater {2DB047C5-E3AF-4B0F-8787-B65DD990A4FC}_is1 = King’s Bounty Platinum Edition (Remove Only) {30075A70-B5D2-440B-AFA3-FB2021740121} = Backup Manager Advance {310CC2FA-5EC5-48B6-BB31-5551B78449BA} = Play withSIX {33cf58f5-48d8-4575-83d6-96f574e4d83a} = Nero DriveSpeed {343666E2-A059-48AC-AD67-230BF74E2DB2} = Apple Application Support {347966F8-E71A-E1A5-95E4-3A1C215383F6} = CCC Help Chinese Traditional {3521BDBD-D453-5D9F-AA55-44B75D214629} = Adobe Community Help {3B11D799-48E0-48ED-BFD7-EA655676D8BB} = Star Wars: The Old Republic {3B3D81AB-51E2-695F-7E57-1CC30049F2A3} = CCC Help French {3B4E636E-9D65-4D67-BA61-189800823F52} = Windows Live Communications Platform {3B5614A2-2A3B-4C64-8CC7-A67726154539}_is1 = Men of War: Assault Squad - Game of the year (Remove Only) {3B5614A2-2A3B-4C64-8CC7-A67726154539}_update2.05.12.0 = Update 2.05.12.0 for Men of War: Assault Squad - Game of the year {3B5614A2-2A3B-4C64-8CC7-A67726154539}_update2.05.14.0 = Update 2.05.14.0 for Men of War: Assault Squad - Game of the year {3C52E7DA-C431-4239-B66B-1BF703D5B194} = Windows Live Photo Gallery {3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} = Hi-Rez Studios Authenticate and Update Service {3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} = eReg {41785C66-90F2-40CE-8CB5-1C94BFC97280} = Microsoft Chart Controls for Microsoft .NET Framework 3.5 {462C2036-3055-4369-D30B-8DA032331EAB} = CCC Help Greek {46ED2B64-85C7-4E1F-920C-A555B21F2E4C} = NVIDIA PhysX {4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater {4CB0307C-565E-4441-86BE-0DF2E4FB828C} = Microsoft Games for Windows Marketplace {4D43D635-6FDA-4fa5-AA9B-23CF73D058EA} = Nero StartSmart OEM {4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} = Junk Mail filter update {4E3AA543-09D7-401E-9DF2-2591D24C7C49} = Addon Sync 2009 {51054867-140B-8FBF-73A8-75386276BD98} = CCC Help Spanish {56C049BE-79E9-4502-BEA7-9754A3E60F9B} = neroxml

Yes I installed because windows had said I had no active antivirus. I use a Radeon HD 6800 series video card. I believe the integrated graphics might be ATI Radeon 3200 but that could also have been the card the 6800 physically replaced. My games were working on the 6800 and I do not know if that could be conflicting with the integrated graphics? OTL logfile created on: 2/3/2013 1:30:47 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Xavier\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 6.79 Gb Available Physical Memory | 87.56% Memory free 15.50 Gb Paging File | 14.56 Gb Available in Paging File | 93.94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 914.41 Gb Total Space | 265.36 Gb Free Space | 29.02% Space Free | Partition Type: NTFS Computer Name: XAVIER-PC | User Name: Xavier | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/03 01:28:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xavier\Desktop\OTL (1).exe ========== Modules (No Company Name) ========== MOD - [2013/01/07 16:06:22 | 000,460,392 | ---- | M] () -- C:\Users\Xavier\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll MOD - [2013/01/07 16:06:19 | 004,012,648 | ---- | M] () -- C:\Users\Xavier\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll MOD - [2013/01/07 16:05:25 | 001,553,000 | ---- | M] () -- C:\Users\Xavier\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/12/19 11:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2012/06/11 12:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011/09/27 11:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/03 17:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/06/15 01:10:00 | 000,382,976 | ---- | M] (Marvell) [Auto | Stopped] -- C:\Windows\SysNative\yk62x64.dll -- (yksvc) SRV:64bit: - [2009/03/27 02:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2013/01/18 20:23:37 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/17 19:28:52 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/01/09 15:46:13 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/30 15:36:37 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/06/26 14:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2011/02/10 00:00:16 | 000,012,800 | ---- | M] (Mr. John aka japamd) [Auto | Stopped] -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/12 14:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009/07/28 11:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/04 05:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009/05/22 10:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/19 12:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012/12/19 12:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/12/19 11:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/11/06 03:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/05/12 11:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/07 18:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2011/09/01 22:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011/09/01 22:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/03 04:21:30 | 000,452,128 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64) DRV:64bit: - [2009/06/21 22:08:30 | 000,714,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\y_cx88x.sys -- (cxpl_mhd) DRV:64bit: - [2009/06/15 01:10:00 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 21:34:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 13:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI) DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 13:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601094204p2329u905408717415 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601094204p2329u905408717415 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601094204p2329u905408717415 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601094204p2329u905408717415 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601094204p2329u905408717415 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601094204p2329u905408717415 IE - HKCU\..\URLSearchHook: {03f38c00-dda9-46bf-9475-c6997746c740} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Xavier\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Xavier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/21 23:22:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 20:23:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 20:23:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 20:23:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 20:23:35 | 000,000,000 | ---D | M] [2012/04/02 01:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xavier\AppData\Roaming\Mozilla\Extensions [2012/02/14 17:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xavier\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org [2013/01/09 18:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\c46m8yqu.default\extensions [2013/01/09 16:54:26 | 000,001,048 | ---- | M] () -- C:\Users\Xavier\AppData\Roaming\Mozilla\Firefox\Profiles\c46m8yqu.default\searchplugins\xfire-new-customized-web-search.xml [2013/01/18 20:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/01/21 23:22:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013/01/18 20:23:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/28 20:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012/08/29 10:23:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/11/17 00:22:21 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - Extension: avast! WebRep = C:\Users\Xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [osk.exe] C:\Windows\SysWow64\osk.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner[s1].txt File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23A0D5B2-0E4B-4960-A8A9-8D429A269F7A}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882E491F-8DBE-4ADA-AA24-9E4A8F412ADF}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{65ddbff4-9c83-11e1-a3a8-0022687f5fe1}\Shell - "" = AutoRun O33 - MountPoints2\{65ddbff4-9c83-11e1-a3a8-0022687f5fe1}\Shell\AutoRun\command - "" = K:\ToolLauncher-Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/03 01:29:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Xavier\Desktop\OTL (1).exe [2013/02/02 19:58:24 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/02/01 12:49:04 | 000,000,000 | ---D | C] -- C:\Users\Xavier\Desktop\RK_Quarantine [2013/02/01 12:42:31 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Xavier\Desktop\tdsskiller.exe [2013/02/01 12:08:10 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Xavier\Desktop\aswMBR.exe [2013/02/01 12:05:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2013/02/01 04:08:31 | 000,000,000 | ---D | C] -- C:\Users\Xavier\Desktop\mbar [2013/02/01 03:56:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/02/01 03:56:24 | 000,000,000 | ---D | C] -- C:\JRT [2013/02/01 03:50:27 | 000,538,188 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Xavier\Desktop\JRT.exe [2013/02/01 01:43:28 | 000,000,000 | ---D | C] -- C:\Users\Xavier\AppData\Roaming\Elluminate [2013/01/28 00:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games [2013/01/21 23:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/01/21 23:23:31 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013/01/21 23:23:31 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013/01/21 23:23:26 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013/01/21 23:23:24 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013/01/21 23:23:22 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013/01/21 23:23:17 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013/01/21 23:23:16 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013/01/21 23:22:29 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/01/21 23:22:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2013/01/21 23:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/01/21 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/01/18 20:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/17 19:38:58 | 000,000,000 | ---D | C] -- C:\Games [2013/01/17 19:38:51 | 000,000,000 | ---D | C] -- C:\Users\Xavier\AppData\Local\Package Cache [2013/01/09 18:03:03 | 000,000,000 | ---D | C] -- C:\Users\Xavier\AppData\Roaming\Xfire [2013/01/09 16:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire [2013/01/09 16:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire [2013/01/09 16:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire [2013/01/08 15:06:31 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/01/08 15:06:31 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/01/08 15:06:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/01/08 15:06:19 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013/01/08 15:06:17 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013/01/08 15:06:17 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013/01/08 15:06:17 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013/01/08 15:06:17 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013/01/08 15:06:17 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013/01/08 15:06:17 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013/01/08 15:06:17 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013/01/08 15:06:17 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013/01/08 15:06:17 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013/01/08 15:06:17 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013/01/08 15:06:17 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013/01/08 15:06:17 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013/01/08 15:06:17 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013/01/08 15:06:17 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013/01/08 15:06:17 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013/01/08 15:06:17 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013/01/08 15:06:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013/01/08 15:06:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013/01/08 15:06:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013/01/08 15:06:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013/01/08 15:06:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013/01/08 15:06:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013/01/08 15:06:17 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013/01/08 15:06:17 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013/01/08 15:06:16 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013/01/08 15:06:16 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013/01/08 15:06:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013/01/08 15:06:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013/01/08 15:06:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013/01/08 15:06:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013/01/08 15:06:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013/01/08 15:06:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013/01/08 15:06:08 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/01/08 15:06:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/01/08 15:06:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/01/08 15:06:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/01/08 15:06:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/01/08 15:06:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/01/08 15:06:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/01/08 15:06:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/01/08 15:06:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/01/08 15:06:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/01/08 15:06:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/01/08 15:06:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/08 15:06:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/08 15:06:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/08 15:06:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/01/08 15:06:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/01/08 15:06:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/08 15:06:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/08 15:06:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/08 15:06:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/03 01:28:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xavier\Desktop\OTL (1).exe [2013/02/02 20:07:28 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/02 20:07:28 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/02 20:07:28 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/02 20:03:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/02 20:02:58 | 329,514,444 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/02/02 20:02:43 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys [2013/02/02 02:49:39 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2013/02/01 12:47:40 | 000,771,072 | ---- | M] () -- C:\Users\Xavier\Desktop\RogueKiller.exe [2013/02/01 12:42:41 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Xavier\Desktop\tdsskiller.exe [2013/02/01 12:40:56 | 000,000,512 | ---- | M] () -- C:\Users\Xavier\Desktop\MBR.dat [2013/02/01 12:09:18 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Xavier\Desktop\aswMBR.exe [2013/02/01 03:50:20 | 000,538,188 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Xavier\Desktop\JRT.exe [2013/01/22 18:20:34 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/22 18:20:34 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/22 16:51:39 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3596144543-575795553-1167974984-1000Core.job [2013/01/22 16:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/22 16:44:33 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3596144543-575795553-1167974984-1000UA.job [2013/01/21 23:30:31 | 000,926,877 | ---- | M] () -- C:\Users\Xavier\AppData\Local\census.cache [2013/01/21 23:29:57 | 000,142,091 | ---- | M] () -- C:\Users\Xavier\AppData\Local\ars.cache [2013/01/21 23:23:32 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/01/21 23:23:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013/01/21 23:18:29 | 000,000,036 | ---- | M] () -- C:\Users\Xavier\AppData\Local\housecall.guid.cache [2013/01/17 19:38:59 | 000,001,905 | ---- | M] () -- C:\Users\Xavier\Desktop\MechWarrior Online.lnk [2013/01/09 16:54:21 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk [2013/01/09 15:46:12 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/01/09 15:46:12 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/01/09 03:14:18 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/01/04 12:22:44 | 000,298,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013/01/04 12:22:44 | 000,298,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013/01/04 10:04:37 | 000,000,221 | ---- | M] () -- C:\Users\Xavier\Desktop\HOARD.url [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/01 12:49:01 | 000,771,072 | ---- | C] () -- C:\Users\Xavier\Desktop\RogueKiller.exe [2013/02/01 12:40:56 | 000,000,512 | ---- | C] () -- C:\Users\Xavier\Desktop\MBR.dat [2013/01/21 23:30:31 | 000,926,877 | ---- | C] () -- C:\Users\Xavier\AppData\Local\census.cache [2013/01/21 23:29:57 | 000,142,091 | ---- | C] () -- C:\Users\Xavier\AppData\Local\ars.cache [2013/01/21 23:23:32 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/01/21 23:23:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013/01/21 23:18:29 | 000,000,036 | ---- | C] () -- C:\Users\Xavier\AppData\Local\housecall.guid.cache [2013/01/17 19:38:59 | 000,001,905 | ---- | C] () -- C:\Users\Xavier\Desktop\MechWarrior Online.lnk [2013/01/09 16:54:21 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk [2013/01/04 10:04:37 | 000,000,221 | ---- | C] () -- C:\Users\Xavier\Desktop\HOARD.url [2012/12/15 10:20:15 | 001,599,440 | ---- | C] () -- C:\Users\Xavier\ts3_recording_12_12_15_10_20_11.wav [2012/12/07 12:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2012/09/12 21:12:19 | 000,005,120 | ---- | C] () -- C:\Users\Xavier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/09/07 06:13:47 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012/08/18 09:32:34 | 000,007,610 | ---- | C] () -- C:\Users\Xavier\AppData\Local\Resmon.ResmonCfg [2012/07/14 00:21:56 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/06/24 12:36:30 | 000,083,927 | ---- | C] () -- C:\Windows\War3Unin.dat [2012/04/07 02:08:58 | 000,169,912 | ---- | C] () -- C:\Program Files (x86)\4wres.dll [2012/04/07 02:03:27 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2012/03/09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012/02/23 13:36:10 | 000,000,072 | ---- | C] () -- C:\Windows\wininit.ini [2012/02/23 13:28:37 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012/02/14 18:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/02/14 18:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/02/12 20:17:23 | 000,298,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/02/12 20:17:21 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/02/12 06:37:59 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/05/30 22:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011/05/30 22:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/12/30 03:51:04 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\AtomZombieData [2009/01/08 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\AVG2012 [2012/06/09 00:59:55 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Braid [2012/03/19 19:18:27 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Cobra Mobile [2012/09/16 02:48:43 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\DAEMON Tools Lite [2013/02/01 01:50:59 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Elluminate [2012/09/17 07:06:32 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\EoN [2012/06/05 08:13:16 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\fltk.org [2012/10/30 02:55:36 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\ijjigame [2012/08/01 16:45:13 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Kalypso Media [2012/02/12 22:26:38 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Leadertech [2012/06/09 00:03:10 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\LoneSurvivor [2012/04/30 15:09:28 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Longbow Digital Arts [2012/08/28 22:14:08 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\MotioninJoy [2012/06/11 11:47:21 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Mount&Blade Warband [2012/06/11 12:56:30 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Mount&Blade With Fire and Sword [2013/01/11 00:43:42 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Natural Selection 2 [2012/03/30 11:59:39 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Need for Speed World [2012/04/07 01:47:45 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\ooVoo Details [2012/12/30 09:03:29 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Origin [2012/12/12 23:19:40 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Play withSIX [2012/09/11 00:49:13 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\PlayFirst [2012/02/14 17:48:09 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Prism [2012/04/24 22:37:45 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\RadeonPro [2012/12/15 09:54:53 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\six-updater [2012/12/15 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\six-zsync [2012/12/14 16:24:05 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Spirited Machine [2012/06/07 11:44:26 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\SystemRequirementsLab [2012/12/15 09:45:57 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\TeamViewer [2012/02/23 01:25:16 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\The Creative Assembly [2012/07/31 18:40:09 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Tropico 4 Demo [2013/01/22 18:28:58 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\TS3Client [2012/12/14 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\ts3overlay [2012/12/14 15:59:00 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\ts3overlay_hook_win64 [2012/12/28 02:52:27 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Ubisoft [2012/05/21 23:33:33 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Unity [2012/10/23 01:42:31 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\Unity of Command DEMO [2012/02/11 18:39:04 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\WildTangent [2012/11/03 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Xavier\AppData\Roaming\XRay Engine ========== Purity Check ========== < End of report >

After checking that last string of zeroes had a "x" in front of it. Under the stop code it reads: *** Atihdw76.sys - Address FFFFF88005792BF7 Base at FFFFF88005783000. Datest am 5099841f