
Right mouse button bound to ad aware installer, win 7

3829 Views 17 Replies 2 Participants Last post by  Waxfruit
I have no idea how this happened as I no longer even have ad aware installed, but I booted up my computer the other day and right clicked a folder to get properties for it and it tried to install ad aware. I can cancel it and right click works fine for a while but eventually it does it again, and it always does it the first right click after startup.

Anyone know how to fix this? I've tried "msiexec /unregister" and "msiexec /regserver" in run program but it didn't help.
Hi waxfruit,
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • If your machine is 64-bit, check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left-hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

When you post make sure Notepad's Wordwrap is unchecked
Programs > Accessories > Notepad > Format > make sure wordwrap is Unchecked
askey127
Thanks for the quick reply, hopefully there's something in here that'll tell us what the problem is. I'll do 2 posts as you suggested since the files seem rather large. otl.txt:
22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014/08/13 07:08:03 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Audacity [2014/06/06 03:10:17 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\AVAST Software [2014/01/22 18:09:17 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\BITS [2014/02/24 15:53:21 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Cosmic Supremacy [2013/12/14 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\DAEMON Tools Lite [2014/07/30 23:47:54 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Enterbrain [2014/03/22 20:49:04 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\library_dir [2014/02/07 15:51:13 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\MinMaxGames [2014/06/04 03:04:09 | 
000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Notepad++ [2014/03/04 12:58:35 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Origin [2014/02/01 17:01:15 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Process Hacker [2014/07/27 04:45:29 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\RenPy [2014/01/22 02:08:19 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Shareaza [2014/07/22 05:38:33 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Starpoint Gemini 2 [2013/11/04 23:49:39 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Thunderbird [2013/11/07 09:33:21 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Trillian [2013/09/18 19:53:04 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\.BitTornado [2013/05/17 12:43:32 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Ad-Aware Antivirus [2012/07/04 02:57:50 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Audacity [2014/08/02 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\AVAST Software [2012/08/29 02:59:26 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\BITS [2011/12/21 23:35:40 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Clickteam [2011/12/13 17:53:53 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\DAEMON Tools [2013/07/17 13:37:20 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\DAEMON Tools Lite [2012/07/10 14:07:04 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\DisplayTune [2013/08/16 05:40:17 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Enterbrain [2012/08/29 02:59:26 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\FlashGet [2012/08/29 02:54:23 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\FlashGetBHO [2012/08/29 02:54:30 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\FlashgetSetup [2012/03/23 05:38:18 | 000,000,000 | ---D | M] -- 
C:\Users\Games\AppData\Roaming\FOG Downloader [2012/02/24 15:31:08 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\FreeOrion [2012/10/10 10:13:05 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Fujitsu [2012/07/12 02:34:12 | 000,000,000 | -H-D | M] -- C:\Users\Games\AppData\Roaming\IFViewer [2012/09/19 18:54:04 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\MinMaxGames [2012/05/18 19:28:53 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\OpenOffice.org [2011/12/05 15:52:36 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Process Hacker [2013/09/18 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Shareaza [2012/10/10 01:44:07 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Subversion [2013/07/04 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\SumatraPDF [2013/03/02 20:48:30 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\System [2011/12/01 19:22:12 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Thunderbird [2012/06/06 18:59:15 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Trillian [2012/10/25 16:49:42 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\TS3Client [2013/09/11 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\uTorrent [2013/09/25 18:05:10 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Ad-Aware Antivirus [2013/10/15 13:33:20 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\IMSIDesign [2013/09/26 19:04:44 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Process Hacker [2013/09/25 00:13:34 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Shareaza [2013/09/29 12:22:45 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\SumatraPDF [2013/09/21 10:09:36 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Thunderbird [2013/09/25 22:37:12 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Trillian ========== Purity Check 
========== ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\Bacon\Downloads:Shareaza.GUID @Alternate Data Stream - 16 bytes -> C:\Users\Bacon\Documents\Shareaza:Shareaza.GUID @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report >
extras.txt
OTL Extras logfile created on: 8/13/2014 18:03:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bacon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.90 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 71.85% Memory free
15.81 Gb Paging File | 13.26 Gb Available in Paging File | 83.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 38.60 Gb Free Space | 8.29% Space Free | Partition Type: NTFS
Computer Name: TED-PC | User Name: Bacon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
files (x86)\cryptic studios\star trek online\beta\gameclient.exe | "TCP Query User{C1EFEE69-F485-47B5-9FA2-5E627E500E72}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "TCP Query User{C274B754-BB38-4617-B864-1131C1BD441C}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe | "TCP Query User{C54145C4-46FF-4389-B9FC-57EE110809AD}C:\gamecq\.cache\darkspace\bugreport.exe" = protocol=6 | dir=in | app=c:\gamecq\.cache\darkspace\bugreport.exe | "TCP Query User{CC50E20F-2565-46DB-A415-815EA548FC0F}C:\program files (x86)\dz repack team\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dz repack team\saints row iv\saintsrowiv.exe | "TCP Query User{CFE5E4A7-002E-4DBE-8EFC-A3F080B227C6}C:\games\shadowrun returns\shadowrun.exe" = protocol=6 | dir=in | app=c:\games\shadowrun returns\shadowrun.exe | "UDP Query User{0AA0A2AA-EFB7-4F5D-8AC1-D979646E34EF}C:\users\bacon\documents\shareaza\shadowrun.returns.deluxe.with.update.3-ali213\srd.with.up3.ali213\shadowrun returns\shadowrun.exe" = protocol=17 | dir=in | app=c:\users\bacon\documents\shareaza\shadowrun.returns.deluxe.with.update.3-ali213\srd.with.up3.ali213\shadowrun returns\shadowrun.exe | "UDP Query User{0BE20FE7-C52E-4AE1-AD8B-4C233BE60D91}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | "UDP Query User{187217EE-9C9C-4858-973B-68DB0B07791E}C:\games\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=c:\games\saints row iv\saintsrowiv.exe | "UDP Query 
User{1D929391-4864-4285-9145-8FF1355953C8}C:\games\shadowrun returns\shadowrun.exe" = protocol=17 | dir=in | app=c:\games\shadowrun returns\shadowrun.exe | "UDP Query User{22005105-0288-4303-A641-19129BA37356}C:\program files (x86)\cryptic studios\star trek online\beta\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cryptic studios\star trek online\beta\gameclient.exe | "UDP Query User{23EAD092-95AD-4D27-8617-F316016AFE90}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\playtest\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\playtest\gameclient.exe | "UDP Query User{306608D5-23AA-40BA-A1D7-91A1260A74B8}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe | "UDP Query User{370BBEF6-26D5-4E6F-BABB-434CBC86068E}C:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelheroes2015.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelheroes2015.exe | "UDP Query User{4096C35B-9D6C-4367-A2E3-02F81C751C77}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "UDP Query User{5840A3EF-D383-4039-B9AA-D0DCB0026D77}C:\games\xcom enemy unknown\binaries\win32\xcomgame.exe" = protocol=17 | dir=in | app=c:\games\xcom enemy unknown\binaries\win32\xcomgame.exe | "UDP Query User{67A75D85-5545-4B25-A83E-739843A9A0FA}C:\games\shadowrun returns\shadowrun.exe" = protocol=17 | dir=in | app=c:\games\shadowrun returns\shadowrun.exe | "UDP Query User{8CA28A25-A554-4AC1-BA35-E7DD70144974}C:\games\divinity original sin\shipping\eocapp.exe" = protocol=17 | dir=in 
| app=c:\games\divinity original sin\shipping\eocapp.exe | "UDP Query User{9D4EF5AF-F4B4-4021-8FCB-FBDC4A0095AB}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "UDP Query User{A5B1E4A2-1D02-48CB-BF26-A429AE85EAF8}C:\program files (x86)\agb-gt\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\agb-gt\mass effect 3\binaries\win32\masseffect3.exe | "UDP Query User{CBFC6068-13B7-49D1-8907-51AAE3C48BE8}C:\gamecq\.cache\darkspace\bugreport.exe" = protocol=17 | dir=in | app=c:\gamecq\.cache\darkspace\bugreport.exe | "UDP Query User{D9613721-CC93-4FE8-87F7-FACBE7CAAAC6}C:\program files (x86)\dz repack team\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dz repack team\saints row iv\saintsrowiv.exe | "UDP Query User{DFE2B375-1B5F-412B-970E-F696A32C5BAA}C:\program files (x86)\cryptic studios\star trek online\playtest\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cryptic studios\star trek online\playtest\gameclient.exe | "UDP Query User{FA60D8E3-ACC6-4900-8C2C-C1AEAE24A2F6}C:\games\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=c:\games\saints row iv\saintsrowiv.exe | "UDP Query User{FCDFC08E-DDD4-4212-956C-B1BE734A2B80}C:\gamecq\.cache\darkspacebeta\bugreport.exe" = protocol=17 | dir=in | app=c:\gamecq\.cache\darkspacebeta\bugreport.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center "{28A683FB-7BEF-4C94-93D1-0DDDB7761894}" = OnlineThreatsEngine "{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager 
"{44AAA767-F540-F091-4571-ADCBC10B0C92}" = AMD Fuel "{57C84705-FA60-4288-9432-2F704F6D335A}" = AntispamEngine "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{600DEB42-433A-40AF-BC14-082E40577BF2}" = AntimalwareEngine "{61121B12-88BD-4261-A6EE-AB32610A56De}" = Python 2.7.8 (64-bit) "{678A75C7-5953-B109-57EE-46C7BA4C29C1}" = AMD Drag and Drop Transcoding "{6A16ADA5-0B30-4893-84AB-961B1340D14A}" = AdAwareUpdater "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{877C7A27-7529-4B0C-BA7B-4D697E90DDC1}" = FirewallEngine "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{AC7D612A-9805-4BB8-A8CA-4CCFE361B4B7}" = AdAwareInstaller "{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64 "{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders "{CE5E1FC7-FD27-493F-A65F-23AD7ED9661D}" = WebFilteringEngine "{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0 "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database "{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0 "{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding "CPUID ASUS CPU-Z_is1" = CPUID ASUS CPU-Z 1.61 "Defraggler" = Defraggler "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center "Shareaza_is1" = Shareaza 2.6.0.0 "Speccy" = Speccy [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek 
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR "{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center "{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale "{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian "{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish "{481ECFB2-D52E-471C-87C0-04CBB05B5CA1}" = SoD Save Manager Setup "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3 "{5D9AFA69-8BE0-4EDB-9475-0D88665D61C5}_is1" = Star Trek Online Extended Nude Mods v2.11.0 version 2.11.0 "{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}" = Plants vs. 
Zombies™ "{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{715AD72D-887A-459E-988B-D4F3E87FA24B}" = Peggle "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7AAE9187-C24F-4073-A951-36C370E7A3A5}" = ASUS Boot Setting "{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish "{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese "{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AC95B53-8B4C-4A95-B5C6-93155BD01C5D}" = TurboCAD Designer 19 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French "{9DD2509C-8479-4A92-8FF3-9A412A5B1877}" = Cosmic Supremacy "{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian "{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian 
"{BFE65ED9-5EF3-4CE5-97EC-6C9AAA325801}" = Unforbidden "{C0B16F2E-3980-44F8-8CF4-F84696541FF7}" = ASUS Product Register Program "{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding "{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 "{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English "{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean "{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese "{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "«Saints Row IV»_is1" = «Saints Row IV» 1.0.6.1 "â’¸¬’·I–‚–@*—ƒnƒ‹ƒJ_is1" = â’¸¬’·I–‚–@*—ƒnƒ‹ƒJ 1.00 "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin "Avast" = avast! 
Free Antivirus "Battle for Wesnoth 1.10.7" = Battle for Wesnoth 1.10.7 "BOSS" = BOSS "DAEMON Tools Lite" = DAEMON Tools Lite "DarkSpace" = DarkSpace 1.691 "Fraps" = Fraps (remove only) "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.2.1.6 "Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US) "Mozilla Thunderbird 24.6.0 (x86 en-US)" = Mozilla Thunderbird 24.6.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "OpenAL" = OpenAL "Origin" = Origin "Porrasturvat - Stair Dismount" = Porrasturvat - Stair Dismount "Project 64_is1" = Project 64 version 2.1.0.1 "Rekkaturvat" = Truck Dismount (remove only) "ResourceHacker_is1" = Resource Hacker Version 3.6.0 "Return to Krondor" = Return to Krondor "RGl2aW5pdHlPcmlnaW5hbFNpbg==_is1" = Divinity Original Sin "RPGVXAce_E_is1" = RPG MAKER VX Ace "RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP "Sierra Utilities" = Sierra Utilities "Starpoint Gemini 2_R.G. Gamblers_is1" = Starpoint Gemini 2 "Starshatter The Gathering Storm1.0" = Starshatter The Gathering Storm "Steam App 107200" = Space Pirates and Zombies "Steam App 107310" = Cthulhu Saves the World "Steam App 214170" = Divine Divinity "Steam App 219780" = Divinity II: Developer's Cut "Steam App 226320" = Marvel Heroes "Steam App 232750" = Mars: War Logs "Steam App 236150" = Starpoint Gemini 2 "Steam App 240760" = Wasteland 2 "Steam App 241540" = State of Decay "Steam App 243950" = Divinity: Dragon Commander "Steam App 253980" = Enclave "Steam App 258050" = Survivor Squad "Steam App 283880" = Heroine's Quest: The Herald of Ragnarok "Steam App 294770" = Haegemonia: Legions of Iron "Steam App 294790" = Haegemonia: The Solon Heritage "Steam App 301520" = Robocraft "Steam App 312990" = The Expendabros "Steam App 41800" = Gratuitous Space Battles "Steam App 41900" = The Bard's Tale "Steam App 47810" = Dragon Age: Origins - Ultimate Edition "Steam App 48900" = Saira "Steam App 60600" = ProtoGalaxy "Steam App 61500" = Age of 
Wonders "Steam App 91310" = Dead Island "TeamSpeak 3 Client" = TeamSpeak 3 Client "TSEV Skyrim LE_is1" = TSEV Skyrim LE "U2FpbnRzUm93SVY=_is1" = Saints Row IV Update 5 Incl. DLC "Void of Darkness 1.0.7.5" = Void of Darkness 1.0.7.5 "Void of Darkness 1.1" = Void of Darkness 1.1 "Void of Darkness 1.1 Update" = Void of Darkness 1.1 Update "Void of Darkness Update 1.1b" = Void of Darkness Update 1.1b "Wrye Bash" = Wrye Bash ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/11/2014 15:26:42 | Computer Name = Ted-PC | Source = MsiInstaller | ID = 11706 Description = Error - 8/12/2014 14:47:23 | Computer Name = Ted-PC | Source = Application Hang | ID = 1002 Description = The program Shareaza.exe version 2.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1458 Start Time: 01cfb65d343c0d49 Termination Time: 60000 Application Path: C:\Program Files\Shareaza\Shareaza.exe Report Id: e0b19006-2250-11e4-91ab-60a44c62cc2f Error - 8/12/2014 14:50:02 | Computer Name = Ted-PC | Source = MsiInstaller | ID = 11706 Description = Error - 8/12/2014 16:51:52 | Computer Name = Ted-PC | Source = MsiInstaller | ID = 11706 Description = Error - 8/12/2014 18:21:56 | Computer Name = Ted-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x0000000000004e03 Faulting process id: 0x814 Faulting application start time: 0x01cfb433be7e092a Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 114d262c-226f-11e4-91ab-60a44c62cc2f Error - 8/12/2014 18:46:55 | Computer Name = Ted-PC | Source = MsiInstaller | ID = 11706 Description = Error - 
8/12/2014 20:15:49 | Computer Name = Ted-PC | Source = MsiInstaller | ID = 11706 Description = Error - 8/13/2014 7:00:34 | Computer Name = Ted-PC | Source = MsiInstaller | ID = 11706 Description = Error - 8/13/2014 12:26:40 | Computer Name = Ted-PC | Source = MsiInstaller | ID = 11706 Description = Error - 8/13/2014 13:20:49 | Computer Name = Ted-PC | Source = MsiInstaller | ID = 11706 Description = [ obmm Events ] Error - 10/7/2013 17:54:32 | Computer Name = Ted-PC | Source = obmm | ID = 0 Description = Could not get plugins: Object reference not set to an instance of an object. [ System Events ] Error - 6/3/2014 11:07:50 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: BdfNdisf bdfwfpf Error - 6/3/2014 11:12:24 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 6/3/2014 11:12:57 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 6/3/2014 11:13:31 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s). 
Error - 6/3/2014 12:42:46 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: BdfNdisf bdfwfpf Error - 6/3/2014 12:44:31 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 6/3/2014 12:45:00 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 6/3/2014 12:45:06 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s). Error - 6/3/2014 12:45:35 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 4 time(s). Error - 6/3/2014 13:45:26 | Computer Name = Ted-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: BdfNdisf bdfwfpf < End of report >
Open Notepad and click the Format menu. You will see wordwrap CHECKED.
Click ONCE on wordwrap.
Then open each file and post it.
I always have wordwrap off, not sure why it did that. I even doublechecked to be sure and wordwrap is indeed unchecked. Should I just archive and post them as an attachment?
I tried posting them again by copy/pasting and they showed up the same way in the preview, so here they are as an attachment.


I don't want them as a .rar file.
Please post as a .txt file.
Sorry.


Waxfruit,
Those worked.
If you continue to use P2P programs like Shareaza, your machine will continue to be deluged with junk, or worse.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

AdAwareUpdater
AdAwareInstaller
Shareaza 2.6.0.0
Ad-Aware Browsing Protection

Take extra care in answering questions posed by any Uninstaller.
If any program fails to Uninstall, just proceed to the next one.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Fix with OTL
Right click OTL on your desktop, and choose "Run as administrator" to open it.
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
    DRV:[b]64bit:[/b] - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys -- (gzflt)
    DRV:[b]64bit:[/b] - File not found [Kernel | System | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys -- (bdfwfpf)
    DRV:[b]64bit:[/b] - File not found [Kernel | System | Stopped] -- c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys -- (BdfNdisf)
    O2:[b]64bit:[/b] - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
    O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
    O4:[b]64bit:[/b] - HKLM..\Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe" File not found
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O8:[b]64bit:[/b] - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
    O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
    [2014/01/22 02:08:19 | 000,000,000 | ---D | M] -- C:\Users\Bacon\AppData\Roaming\Shareaza
    [2013/09/18 19:53:04 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\.BitTornado
    [2013/05/17 12:43:32 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Ad-Aware Antivirus
    [2013/09/18 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Shareaza
    [2013/09/11 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\uTorrent
    [2013/09/25 18:05:10 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Ad-Aware Antivirus
    [2013/09/25 00:13:34 | 000,000,000 | ---D | M] -- C:\Users\Ted\AppData\Roaming\Shareaza
    @Alternate Data Stream - 16 bytes -> C:\Users\Bacon\Downloads:Shareaza.GUID
    @Alternate Data Stream - 16 bytes -> C:\Users\Bacon\Documents\Shareaza:Shareaza.GUID
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A71E310-6A99-4D76-B3A2-200836EA2E04}" =-
    "{42344C80-ED7E-42C0-BAA7-9C7407C74F8D}" =-
    "{432A8520-A0E5-42B9-86CB-1D27333AFBF0}" =-
    "{61AA37C6-325F-4DC5-A9E6-BAFA8B371DDF}" =-
    "{7989C61F-58C9-4C03-BA3E-9AAE13E5A1B1}" =-
    "{7C565D43-311E-4C7F-9D97-E3233F6CEFDC}" =-
    "{8CC96715-9B53-4D16-A218-AF84B91329A6}" =-
    "{8D493567-3053-4A6C-B420-4F9A39041DB0}" =-
    "{8E46B304-448A-4C29-9045-835B2ADFEF2A}" =-
    "{8FEAD030-E4D8-4020-BACF-E148AEDC9654}" =-
    "{9E4DE89A-EA78-42D7-B7B6-F9C2AD230EAD}" =-
    "{A3F2A8B2-8128-4E57-BAC4-BC9C54BE1467}" =-
    "{AEFCB1CC-E6ED-4AC2-887A-161D412D4B7C}" =-
    "{F7597C04-0649-4D85-8B97-9715D92D09A5}" =-
    "TCP Query User{7B1C69CB-6AB2-4D8A-9AE0-81CE96892E85}C:\users\bacon\documents\shareaza\shadowrun.returns.deluxe.with.update.3-ali213\srd.with.up3.ali213\shadowrun returns\shadowrun.exe" =-
    "UDP Query User{0AA0A2AA-EFB7-4F5D-8AC1-D979646E34EF}C:\users\bacon\documents\shareaza\shadowrun.returns.deluxe.with.update.3-ali213\srd.with.up3.ali213\shadowrun returns\shadowrun.exe" =-
    
    :Files
    c:\program files\lavasoft
    c:\program files\shareaza
    c:\users\bacon\documents\shareaza
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • That is the FIX log file. Copy the contents of that file and post it in your next reply.
    It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.

askey127
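Among the `:Reg` deletions in the fix above, the ones whose rules are visible in the posted dump point into folders that the `:Files` section removes. As an added example (not part of the original post and not OTL's own code), this Python script parses firewall rules in the Extras.txt layout, whether one per line or run together as in the paste earlier in the thread, and emits the matching `"name" =-` lines; the function names and the lookalike rule are assumptions made for the illustration.

```python
import re

# Folders deleted by the fix's :Files section (taken from the post above).
REMOVED_DIRS = [
    r"c:\program files\lavasoft",
    r"c:\program files\shareaza",
    r"c:\users\bacon\documents\shareaza",
]

# Six firewall rules copied from the Extras.txt dump posted in this thread.
SAMPLE_RULES = r'''
"{A6916560-EBE0-488E-A82F-81079E189B8D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEFCB1CC-E6ED-4AC2-887A-161D412D4B7C}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{F5CEF5E0-8DA6-437A-B9E2-9CD155388D89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F7597C04-0649-4D85-8B97-9715D92D09A5}" = protocol=17 | dir=in | app=c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.1.5354.0\adawaretray.exe |
"TCP Query User{7B1C69CB-6AB2-4D8A-9AE0-81CE96892E85}C:\users\bacon\documents\shareaza\shadowrun.returns.deluxe.with.update.3-ali213\srd.with.up3.ali213\shadowrun returns\shadowrun.exe" = protocol=6 | dir=in | app=c:\users\bacon\documents\shareaza\shadowrun.returns.deluxe.with.update.3-ali213\srd.with.up3.ali213\shadowrun returns\shadowrun.exe |
"TCP Query User{B0D0C665-BDD5-4FB5-AED6-4D60BD691827}C:\games\shadowrun returns\shadowrun.exe" = protocol=6 | dir=in | app=c:\games\shadowrun returns\shadowrun.exe |
'''

# Constructed rule (not from the thread): its folder name merely starts with
# "shareaza", so it must NOT be selected for deletion.
CONSTRUCTED_LOOKALIKE = (
    r'"{00000000-0000-0000-0000-000000000001}" = protocol=6 | dir=in | '
    r'app=c:\program files\shareaza-tools\tool.exe |'
)

# A rule is "name" = field | field | ... ; no field contains a double quote,
# so the body runs up to the quote that opens the next rule name. This works
# for one rule per line and for rules run together on a single line.
RULE_RE = re.compile(r'"(?P<name>[^"]+)"\s*=\s*(?P<body>[^"]*)')
FIELD_KEY_RE = re.compile(r'^[a-z0-9]+$')


def parse_rules(text):
    """Return [(value_name, {field: value})] for every rule with an app= field."""
    rules = []
    for match in RULE_RE.finditer(text):
        fields = {}
        for segment in match.group("body").split("|"):
            key, sep, value = segment.strip().partition("=")
            # Skip empty segments and trailing report text such as "=====".
            if sep and FIELD_KEY_RE.match(key):
                fields[key] = value.strip()
        if "app" in fields:
            rules.append((match.group("name"), fields))
    return rules


def under_removed_dir(app_path, removed_dirs=REMOVED_DIRS):
    """True if app_path is one of removed_dirs or lies beneath one of them.

    Comparison is case-insensitive and on whole path components, so
    "shareaza-tools" does not match "shareaza". Environment variables such as
    %programfiles% are not expanded; rules using them are left alone.
    """
    path = app_path.lower().rstrip("\\")
    for folder in removed_dirs:
        folder = folder.lower().rstrip("\\")
        if path == folder or path.startswith(folder + "\\"):
            return True
    return False


def reg_delete_lines(text, removed_dirs=REMOVED_DIRS):
    """Build the '"name" =-' lines for rules whose program is being removed."""
    return [
        '"%s" =-' % name
        for name, fields in parse_rules(text)
        if under_removed_dir(fields["app"], removed_dirs)
    ]


if __name__ == "__main__":
    print("[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services"
          "\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]")
    for line in reg_delete_lines(SAMPLE_RULES):
        print(line)
```
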
I'm not sure why there's still anything from adaware on my computer, I uninstalled it a couple months ago after they were giving no acknowledgement of there being an issue with their updater failing to update, myself and most other ad aware users were unable to update for a long time so I uninstalled and moved to another antivirus. I don't even have an installer on my computer and nothing to do with adaware shows up in my list of programs when I try to uninstall, which is why this is so puzzling to me.

Since ad aware was already uninstalled should I just skip to the custom fix part?


Do you have a recommendation for a bit torrent client that's not loaded with junk? I'm not the only person who uses this computer but I'm at least trying to keep it somewhat clean, though it feels like a losing battle sometimes.
This is the log from after rebooting


This is the quick scan log


Waxfruit,
There are no "Safe" torrent applications. The problem is in the files you get.
-----------------------------------------------
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

The issue is so well known that many help sites will refuse assistance if a User keeps returning with torrent programs installed.
With most modern computers, torrents are not necessary or even particularly useful.

Your machine should behave quite well now, and will continue, unless someone downloads and uses another torrent.
Let me know if there are still any problems.

Good Luck.
askey127
Ah, so it's the torrents themselves. I don't really use torrents aside from books or something for studies or my D&D habit, but these guys I'm not sure what they download. I'll just have to tell them to get their own computer if they want to run stuff like that.

Unfortunately it still tried to run the ad aware installer even though it's not even present on my computer (if I leave the window alone it gives me an error message about not being able to find it). When I booted up today I opened the task manager instead of just closing the window and saw it's msiexec that runs, I think that's the windows installer program? I did a search and came up with this: http://support.microsoft.com/kb/290301. After using that tool it no longer tries to run the ad aware installer when right clicking a file or folder but msiexec still blinks for a split second and appears in my task manager window.

Though I have to say I've noticed a few seconds faster startup after running your custom OTL fix, it's gone from about 30 seconds to 20 or so.
Waxfruit,
Unfortunately there are no complete uninstall utilities made by Lavasoft for ad-aware.
(it's definitely not a recommended antivirus)
-------------------------------------------------------------
Download MyDefrag from here and Install it : http://www.mydefrag.com/
(The download button is on the left).
After Installation, run MyDefrag in System Disk Monthly Mode on the C: drive
(Click System Disk Monthly and then check C: drive, click Run)
Wait for it. It goes through 6 Zones. The Window will be labeled Finished at the top when it is done.
Going forward, you can run it in System Disk Daily mode, but once every week or two is sufficient.
It will finish quite a bit faster in the ensuing runs.

Running Mydefrag could result in a bit more speed for you.
askey127
That figures. It's good enough for now though, so thanks for your help. I'm probably going to be getting a new HD within the next couple months anyway so this and whatever other problems are floating around on my system will be gone then.

Again, thanks for your help, I appreciate it.