My external harddrive doesn't work anymore

A few days ago my harddrive my WD 500gb started to be slow (even opening it cost like 10sec) and then i couldnt watch movies from my harddrive :cry: and sometimes it disconnects. And now my Windows explorerer crashes when ever i plug it in. But it works fine on my win7.

PLs help me out
 

My Computer

System One

  • Internet Speed
    5Mb/s download 3Mb/s upload
Hello timothy110 and welcome to the forums :party:

My name is Tom and I'll be helping you with your problem.

Can you run the following for me please? All this will do is tell me a little more about your system :)

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
Under the Extra Registry box change it to All.
Click the Run Scan button.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Tnx for ur help here is Extras.txt and the other txt


Code:
OTL Extras logfile created on: 9/12/2011 13:38:05 - Run 1

 
OTL by OldTimer - Version 3.2.31.0     Folder = 
C:\Users\Timothy_2\Desktop

 
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type 
= NTWorkstation

 
Internet Explorer (Version = 9.0.8112.16421)

 
Locale: 00000813 | Country: België | Language: NLB | Date Format: 
d/MM/yyyy

 
 

 
1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,83% 
Memory free

 
4,21 Gb Paging File | 3,09 Gb Available in Paging File | 73,37% Paging File 
free

 
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

 
 

 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program 
Files

 
Drive C: | 458,44 Gb Total Space | 237,50 Gb Free Space | 51,81% Space Free | 
Partition Type: NTFS

 
Drive D: | 7,32 Gb Total Space | 1,25 Gb Free Space | 17,11% Space Free | 
Partition Type: NTFS

 
Drive E: | 141,40 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | 
Partition Type: UDF

 
Drive K: | 465,65 Gb Total Space | 68,13 Gb Free Space | 14,63% Space Free | 
Partition Type: FAT32

 
Drive M: | 465,65 Gb Total Space | 30,29 Gb Free Space | 6,50% Space Free | 
Partition Type: FAT32

 
 

 
Computer Name: TIMOTHY | User Name: Timothy_2 | Logged in as 
Administrator.

 
Boot Mode: Normal | Scan Mode: Current user

 
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name 
Whitelist: On | File Age = 30 Days

 
 

 
========== Extra Registry (All) ==========

 
 

 
 

 
========== File Associations ==========

 
 

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 
.bat [@ = batfile] -- "%1" %*

 
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

 
.cmd [@ = cmdfile] -- "%1" %*

 
.com [@ = comfile] -- "%1" %*

 
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft 
Corporation)

 
.exe [@ = exefile] -- "%1" %*

 
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft 
Corporation)

 
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe 
(Mozilla Corporation)

 
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft 
Corporation)

 
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft 
Corporation)

 
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft 
Corporation)

 
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft 
Corporation)

 
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft 
Corporation)

 
.pif [@ = piffile] -- "%1" %*

 
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

 
.scr [@ = scrfile] -- "%1" /S

 
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft 
Corporation)

 
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft 
Corporation)

 
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft 
Corporation)

 
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft 
Corporation)

 
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft 
Corporation)

 
 

 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

 
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 

 
========== Shell Spawning ==========

 
 

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

 
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft 
Corporation)

 
batfile [open] -- "%1" %*

 
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft 
Corporation)

 
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

 
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft 
Corporation)

 
cmdfile [open] -- "%1" %*

 
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft 
Corporation)

 
comfile [open] -- "%1" %*

 
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft 
Corporation)

 
exefile [open] -- "%1" %*

 
helpfile [open] -- Reg Error: Key error.

 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

 
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft 
Corporation)

 
htmlfile [edit] -- Reg Error: Key error.

 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome 
(Microsoft Corporation)

 
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 
(Microsoft Corporation)

 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML 
"%1"

 
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending 
-osint -url "%1" (Mozilla Corporation)

 
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" 
(Microsoft Corporation)

 
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft 
Corporation)

 
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft 
Corporation)

 
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft 
Corporation)

 
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft 
Corporation)

 
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

 
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

 
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft 
Corporation)

 
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft 
Corporation)

 
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft 
Corporation)

 
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft 
Corporation)

 
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft 
Corporation)

 
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft 
Corporation)

 
piffile [open] -- "%1" %*

 
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft 
Corporation)

 
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

 
regfile [merge] -- Reg Error: Key error.

 
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft 
Corporation)

 
scrfile [config] -- "%1"

 
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

 
scrfile [open] -- "%1" /S

 
txtfile [edit] -- Reg Error: Key error.

 
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft 
Corporation)

 
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft 
Corporation)

 
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" 
"%4" (Microsoft Corporation)

 
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft 
Corporation)

 
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft 
Corporation)

 
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft 
Corporation)

 
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft 
Corporation)

 
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft 
Corporation)

 
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft 
Corporation)

 
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft 
Corporation)

 
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft 
Corporation)

 
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft 
Corporation)

 
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft 
Corporation)

 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe 
%SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

 
Directory [Add to archive] -- "C:\Program Files\PeaZip\PEAZIP.EXE" 
"-add2multi" "%1" (Giorgio Tani)

 
Directory [Browse path with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" 
"-ext2browsepath" "%1" (Giorgio Tani)

 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft 
Corporation)

 
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L 
(Microsoft Corporation)

 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
Applications\iexplore.exe [open] -- "C:\Program Files\Internet 
Explorer\iexplore.exe" %1 (Microsoft Corporation)

 
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program 
Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 
 

 
========== Security Center Settings ==========

 
 

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 
"cval" = 1

 
"UacDisableNotify" = 1

 
"InternetSettingsDisableNotify" = 1

 
"AutoUpdateDisableNotify" = 1

 
 

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
"DisableMonitoring" = 1

 
 

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecAntiVirus]

 
"DisableMonitoring" = 1

 
 

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecFirewall]

 
"DisableMonitoring" = 1

 
 

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
"AntiVirusOverride" = 0

 
"AntiSpywareOverride" = 0

 
"FirewallOverride" = 0

 
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 
 

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 

 
========== Firewall Settings ==========

 
 

 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 
"DisableNotifications" = 0

 
"EnableFirewall" = 1

 
"DoNotAllowExceptions" = 0

 
 

 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 
"DisableNotifications" = 0

 
"EnableFirewall" = 1

 
"DoNotAllowExceptions" = 0

 
 

 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

 
"DisableNotifications" = 0

 
"EnableFirewall" = 1

 
 

 
========== Authorized Applications List ==========

 
 

 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms 
EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

 
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms 
EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

 
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat 
Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

 
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat 
Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

 
 

 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms 
EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

 
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms 
EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

 
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data 
over 1000 bytes]

 
"C:\Users\Josephine\AppData\Local\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe" 
= [String data over 1000 bytes]

 
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat 
Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

 
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat 
Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

 
 

 
 

 
========== Vista Active Open Ports Exception List ==========

 
 

 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
"{00069931-6BC8-447E-A962-6E1792C1FF56}" = lport=137 | protocol=17 | dir=in | 
app=system | 

 
"{05C44039-0035-4550-956B-828BF122DA3F}" = rport=3702 | protocol=17 | dir=out 
| svc=fdphost | app=%systemroot%\system32\svchost.exe | 

 
"{08399A8E-D449-447E-B288-B4B0EEB854A4}" = lport=5358 | protocol=6 | dir=in | 
app=system | 

 
"{0F3C26E2-67B0-40EE-87EB-8D1FC4EF02C9}" = rport=3702 | protocol=17 | dir=out 
| app=c:\windows\system32\netproj.exe | 

 
"{0FA673F3-576C-45AD-BA40-2C5942AFEE29}" = lport=445 | protocol=6 | dir=in | 
app=system | 

 
"{12ECE25C-8B5E-4F81-A0BF-3FA7BA4CFE6D}" = rport=2177 | protocol=6 | dir=out 
| svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
"{16AFF538-E023-4401-A5C7-BE2565A44FF3}" = rport=5355 | protocol=17 | dir=out 
| svc=dnscache | app=%systemroot%\system32\svchost.exe | 

 
"{1CC0E4AE-FCFA-4B9D-AF0C-1FC7B2E18072}" = rport=3540 | protocol=17 | dir=out 
| svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 

 
"{2CA9656E-9EDF-48C8-A97F-9651E340C9A7}" = lport=1900 | protocol=17 | dir=in 
| svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

 
"{2FC520F3-9604-4572-8D5A-C384775993A1}" = lport=rpc | protocol=6 | dir=in | 
svc=vds | app=c:\windows\system32\vds.exe | 

 
"{3097DC73-CEE7-417D-BE71-957191F89F74}" = lport=3702 | protocol=17 | dir=in 
| app=c:\windows\system32\p2phost.exe | 

 
"{337A1216-98CE-48C1-9C84-7875A08303CD}" = rport=138 | protocol=17 | dir=out 
| app=system | 

 
"{366FA647-F7B2-440E-8EC6-0287EFFE3278}" = lport=162 | protocol=17 | dir=in | 
svc=snmptrap | app=c:\windows\system32\snmptrap.exe | 

 
"{3957690A-852D-4CD5-B603-E6C973F94EB2}" = lport=26792 | protocol=17 | dir=in 
| name=bitcomet 26792 udp | 

 
"{3A0AB13B-6B4B-4077-943B-1C6EFDE56BD8}" = rport=1723 | protocol=6 | dir=out 
| app=system | 

 
"{3ABB5004-88DB-4779-8118-063CD4243E2D}" = lport=2869 | protocol=6 | dir=in | 
app=system | 

 
"{3B35BB7E-D570-49DC-A8F3-32BB6997970C}" = rport=139 | protocol=6 | dir=out | 
app=system | 

 
"{3CB36F95-DA83-4CF3-9409-472A45A231FE}" = lport=445 | protocol=6 | dir=in | 
app=system | 

 
"{3D629C61-7F8B-4409-ADB1-F3EB785E93BB}" = lport=1900 | protocol=17 | dir=in 
| svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

 
"{3F099D77-00E7-4039-83BB-3634F574E55B}" = lport=5985 | protocol=6 | dir=in | 
app=system | 

 
"{49BE4D8C-9E4D-47A7-9E2F-7EC0E85E917E}" = lport=443 | protocol=6 | dir=in | 
app=system | 

 
"{4BAA54B7-397A-474E-A69A-6CB332ABD87F}" = rport=2177 | protocol=17 | dir=out 
| svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
"{51B07077-DFD0-4615-AF1D-5CCA042E73BC}" = lport=19316 | protocol=6 | dir=in 
| name=bitcomet 19316 tcp | 

 
"{53A3AB37-EBCD-45B5-A2B6-8524AA1FDEB4}" = lport=2869 | protocol=6 | dir=in | 
app=system | 

 
"{563D8A87-919C-457C-A81B-198E11F6FE85}" = lport=2177 | protocol=17 | dir=in 
| svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
"{59D62104-EC1E-4FB3-9061-DD753A7A656D}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | [email protected],-28539 | 

 
"{5A5E43EC-FE56-4626-A849-B74E25419A67}" = lport=1900 | protocol=17 | dir=in 
| svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 
"{5A97F0A8-3E2C-48E7-8304-3B9769294875}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 

 
"{5DB9EECE-0B76-400D-B766-E37CEF214C9A}" = lport=19316 | protocol=17 | dir=in 
| name=bitcomet 19316 udp | 

 
"{6AAF0746-7C47-4283-A656-2C69C911AC40}" = rport=3702 | protocol=17 | dir=out 
| app=c:\windows\system32\p2phost.exe | 

 
"{6EA26471-F27D-4B56-A8D4-8C281A77BB91}" = rport=1900 | protocol=17 | dir=out 
| svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 
"{764722FA-6322-45F3-AD16-1F8F07ECE1B5}" = rport=3540 | protocol=17 | dir=out 
| svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 

 
"{774A64A0-704F-4411-B163-3EBD4B963F22}" = lport=1723 | protocol=6 | dir=in | 
app=system | 

 
"{78424D5B-F58B-474F-B859-4BE609560204}" = lport=138 | protocol=17 | dir=in | 
app=system | 

 
"{790B3D3E-7ED6-4C12-92AD-E293BB6F2703}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 

 
"{7B4D073F-A186-4AD7-AC48-6C53FE02CD75}" = lport=rpc | protocol=6 | dir=in | 
app=c:\windows\system32\services.exe | 

 
"{7B617272-0393-4374-8792-EF3661E83D8E}" = rport=3702 | protocol=17 | dir=out 
| svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

 
"{7BB84AB4-10B4-49B1-BC5D-8C011F0C3A19}" = lport=135 | protocol=6 | dir=in | 
svc=rpcss | app=c:\windows\system32\svchost.exe | 

 
"{7EA82247-FEAA-47A8-9546-54D1DB22F79E}" = lport=26792 | protocol=6 | dir=in 
| name=bitcomet 26792 tcp | 

 
"{83FB335B-92CE-4DD1-86F4-3411DD0FCEB2}" = lport=3540 | protocol=17 | dir=in 
| svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 

 
"{869B734C-0874-45D3-B54C-2C328182AA82}" = lport=rpc | protocol=6 | dir=in | 
svc=eventlog | app=c:\windows\system32\svchost.exe | 

 
"{87A9C155-300D-4F80-BE38-23B244C8C4BE}" = rport=3587 | protocol=6 | dir=out 
| svc=p2psvc | app=c:\windows\system32\svchost.exe | 

 
"{8A7E7DC8-4BEB-4C3A-ACCD-42061C04A629}" = rport=445 | protocol=6 | dir=out | 
app=system | 

 
"{94407F0A-4408-4F80-9619-5AFF113CDC0E}" = lport=19316 | protocol=17 | dir=in 
| name=bitcomet 19316 udp | 

 
"{99D4DF28-CB94-4A6C-A844-7755634F3D6F}" = lport=445 | protocol=6 | dir=in | 
app=system | 

 
"{9D2000E6-E39E-466F-933B-FF8D1F8E6706}" = lport=2869 | protocol=6 | dir=in | 
app=system | 

 
"{A216741F-13A0-446B-A29C-151666B220FA}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 

 
"{A4F4693F-3A00-4B38-AD54-ED233D8C02B4}" = lport=445 | protocol=6 | dir=in | 
app=system | 

 
"{A569721E-B6C8-4B40-93A1-D856B1B49BC5}" = lport=139 | protocol=6 | dir=in | 
app=system | 

 
"{A7AB5D61-A199-40B7-9AF5-12ABEC2478F8}" = lport=26792 | protocol=17 | dir=in 
| name=bitcomet 26792 udp | 

 
"{A8D25237-AABE-4F68-B98D-1BD41078802E}" = lport=33674 | protocol=17 | dir=in 
| name=thunderlan(udp) | 

 
"{A98A5E2D-D95F-4AF9-AA14-81B0321E71F4}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 

 
"{A9DBC596-9470-4755-9660-8345AB08D4D7}" = lport=rpc | protocol=6 | dir=in | 
svc=* | app=c:\windows\system32\svchost.exe | 

 
"{AF37D09F-8DAF-47BF-B599-2FA760909125}" = lport=26792 | protocol=6 | dir=in 
| name=bitcomet 26792 tcp | 

 
"{AF4D57F1-9487-4802-9CB4-A859C6654380}" = lport=1900 | protocol=17 | dir=in 
| svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

 
"{B1686AEF-4E48-4685-B5C4-17CBA6C458C6}" = lport=rpc | protocol=6 | dir=in | 
app=c:\windows\system32\vdsldr.exe | 

 
"{B37C0812-C55C-4103-A03B-5CEF85412199}" = rport=5722 | protocol=6 | dir=out 
| svc=dfsr | app=c:\windows\system32\dfsr.exe | 

 
"{B534BE65-C9D5-4681-857B-9660A0A56520}" = lport=3702 | protocol=17 | dir=in 
| svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

 
"{B8109C37-C870-4F4D-AC9C-EE1C55FF4A03}" = lport=1900 | protocol=17 | dir=in 
| svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

 
"{B9664E97-206F-46FE-9799-B08B496C87B4}" = rport=1900 | protocol=17 | dir=out 
| svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

 
"{B9949777-47F5-4EF9-B7A2-D227DD538892}" = lport=6004 | protocol=17 | dir=in 
| app=c:\program files\microsoft office\office12\outlook.exe | 

 
"{BB68D376-AE0F-4DDE-8D67-5BF9EBA944BB}" = lport=33673 | protocol=6 | dir=in 
| name=thunderlan(tcp) | 

 
"{BBB385B5-FA68-46B0-9818-4E000860272D}" = lport=1701 | protocol=17 | dir=in 
| app=system | 

 
"{BBD85063-D3BD-48D2-BB24-3F8BE4AE8158}" = lport=rpc | protocol=6 | dir=in | 
svc=schedule | app=c:\windows\system32\svchost.exe | 

 
"{BD9A8ADF-C361-4D9C-9AE3-A2EC6A1C1A8C}" = lport=3702 | protocol=17 | dir=in 
| app=c:\windows\system32\netproj.exe | 

 
"{BDC6DCCD-6E00-4728-BD71-A9A099B18C04}" = lport=80 | protocol=6 | dir=in | 
[email protected],-50 | 

 
"{BF7A7403-334B-41B7-9522-E151675A0B76}" = lport=5355 | protocol=17 | dir=in 
| svc=dnscache | app=%systemroot%\system32\svchost.exe | 

 
"{C37964BD-B148-4D4B-9319-DABB81DCB663}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 

 
"{C7E0C775-894D-41D4-90C6-74420F9C55D5}" = lport=19316 | protocol=6 | dir=in 
| name=bitcomet 19316 tcp | 

 
"{C8424A17-8246-4DF2-AB6A-7415ECDAF72C}" = lport=1900 | protocol=17 | dir=in 
| svc=ssdpsrv | app=svchost.exe | 

 
"{CADBA3B6-3811-4AEA-BF94-E0DDD92468C9}" = rport=1900 | protocol=17 | dir=out 
| svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

 
"{D0656DED-96E8-4659-9B14-538B3AFBFF86}" = rport=1900 | protocol=17 | dir=out 
| svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

 
"{D0B91047-D3C1-482D-881C-79954915FB70}" = rport=1900 | protocol=17 | dir=out 
| svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 
"{D3D3DEE4-B0AD-432C-B514-632EDBC6D55D}" = lport=3587 | protocol=6 | dir=in | 
svc=p2psvc | app=c:\windows\system32\svchost.exe | 

 
"{D87D7499-C493-4DD0-95FD-46E281F69AA2}" = rport=137 | protocol=17 | dir=out 
| app=system | 

 
"{DB92054A-69D6-4997-B50A-413BD5D10A9C}" = lport=5722 | protocol=6 | dir=in | 
svc=dfsr | app=c:\windows\system32\dfsr.exe | 

 
"{DCBF6EA9-42BA-4ECF-856D-39210337B944}" = lport=3540 | protocol=17 | dir=in 
| svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 

 
"{DD9AE878-5B10-42AF-BF81-DFE1710A248A}" = lport=3702 | protocol=17 | dir=in 
| svc=fdphost | app=%systemroot%\system32\svchost.exe | 

 
"{DDFCA0B8-75AF-4F23-AF6F-C48F0D8CDB08}" = rport=5358 | protocol=6 | dir=out 
| app=system | 

 
"{DF3ABF38-52FA-43CA-BDE9-F2DEACEAFC24}" = lport=10243 | protocol=6 | dir=in 
| app=system | 

 
"{E2779CEA-AD5B-4FDF-B68D-F5809AAC8E51}" = lport=808 | protocol=6 | dir=in | 
svc=nettcpactivator | 
app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 

 
"{E801A805-F46C-41A0-94F6-3DE3BBC34667}" = rport=1701 | protocol=17 | dir=out 
| app=system | 

 
"{ED1CF4D4-8514-40FC-AFF2-F073A8D4701D}" = rport=10243 | protocol=6 | dir=out 
| app=system | 

 
"{EDEDD13B-577D-4CFA-8969-52CB84A47805}" = lport=rpc | protocol=6 | dir=in | 
svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

 
"{EE570BE0-2FEB-4775-9CE2-A19444B097FF}" = lport=5357 | protocol=6 | dir=in | 
app=system | 

 
"{F31040B3-60CA-46E4-950E-00CA66347F55}" = lport=2177 | protocol=6 | dir=in | 
svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
"{FC082296-DE19-4C22-A142-573D2B46A069}" = rport=5357 | protocol=6 | dir=out 
| app=system | 

 
 

 
========== Vista Active Application Exception List ==========

 
 

 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
"{023739BE-B6E7-4472-B4DE-2D30B22D1029}" = protocol=17 | dir=in | 
app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 

 
"{0689CF32-82DB-49CD-BE05-139D0D4845F0}" = protocol=6 | dir=in | 
app=c:\windows\system32\wbem\unsecapp.exe | 

 
"{08C09FF0-3C8E-4BC5-B5A4-808C54673838}" = protocol=6 | dir=in | 
app=c:\program files\pando networks\media booster\pmb.exe | 

 
"{0923E99D-8D91-4106-A68F-BB45A387A2DA}" = protocol=17 | dir=in | 
app=c:\program files\common files\thunder network\kankan\xmp.exe | 

 
"{0AB3B15A-BE4B-4916-991A-E99AB3EC750B}" = protocol=17 | dir=in | 
app=c:\nexon\combat arms eu\nmservice.exe | 

 
"{0BA47710-C500-401C-B08A-64B7A4B56BF3}" = dir=in | app=c:\program 
files\pando networks\media booster\pmb.exe | 

 
"{0CDDF956-E170-41CF-9687-60FD61C7CB5E}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\xmp4\program\xlbugreport.exe | 

 
"{0E0C5035-E840-43B2-A369-D2D2CC7215B1}" = protocol=6 | dir=in | 
app=c:\nexon\combat arms eu\nmservice.exe | 

 
"{0F2353E5-2F8B-44D0-9F42-51A4C18BF365}" = protocol=6 | dir=in | 
app=c:\nexon\combat arms eu\nmservice.exe | 

 
"{1338A88A-8A20-4E34-B01A-48F5614ACEC0}" = protocol=17 | dir=in | 
app=c:\program files\common files\thunder 
network\tp\ver1\1.1.2.84_1111\xlbugreport.exe | 

 
"{175A3373-5DB7-424F-AAE9-E7455A527A36}" = protocol=17 | dir=in | 
app=c:\program files\windows collaboration\wincollab.exe | 

 
"{185488C0-DC8B-44CB-87E0-1BBF7AE56AD7}" = protocol=17 | dir=in | 
app=c:\programdata\nexoneu\ngm\ngm.exe | 

 
"{185FBDFE-84CD-432A-8AAE-BC447DB30FBB}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\thunder\netmon\lsp_check.exe | 

 
"{1A6ED39E-1720-4DE9-A130-8FB8D0D85487}" = protocol=17 | dir=in | 
app=c:3\steam\steamapps\timothy110\garrysmod\hl2.exe | 

 
"{1AC6C1E6-B513-44B3-A722-388CEC34C064}" = protocol=17 | dir=in | 
app=f:\steam\steam.exe | 

 
"{1DFB498B-C2B8-40ED-B879-8CFEBEABC102}" = protocol=6 | dir=in | 
app=c:\program files\bitcomet\bitcomet.exe | 

 
"{1E02B8D6-63BF-4E87-875F-E71B1EDB7A67}" = protocol=6 | dir=in | 
app=c:\ngm\ngm.exe | 

 
"{1EABD0C5-F73E-4517-8A97-3685C72AFF3D}" = protocol=17 | dir=in | 
app=c:\program files\thunder 
network\thunder\xldoctor\7.2.3.3254_3\program\xldoctorui.exe | 

 
"{1FAED33F-4783-462B-A968-F22A5CCFFE71}" = protocol=1 | dir=out | 
[email protected],-28544 | 

 
"{23B1EDCA-4E9E-4B01-B45B-E9EBF6F96689}" = protocol=6 | dir=out | 
app=c:\windows\system32\p2phost.exe | 

 
"{24125FCC-3488-4DB1-9383-85FF63E6D216}" = protocol=6 | dir=out | 
app=c:\program files\windows collaboration\wincollab.exe | 

 
"{26A03C5F-6966-4665-8147-B0153E4859C1}" = protocol=58 | dir=in | 
[email protected],-28545 | 

 
"{2767C872-F20D-42A2-A7EB-8559A9D6A0CF}" = protocol=6 | dir=in | 
app=c:\program files\ppfilm\ppfilmplayer.exe | 

 
"{279363F7-1D7C-4F1C-920E-38358ED9606D}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\thunder\program\thunderliveud.exe | 

 
"{2A2CF54D-A86D-45C0-A436-9443253583BB}" = dir=in | app=c:\program 
files\windows live\messenger\msnmsgr.exe | 

 
"{2E83A121-3277-416B-A3AD-5E792268515A}" = protocol=6 | dir=in | 
app=c:\windows\system32\p2phost.exe | 

 
"{32CCB6DB-59D0-4A38-B9C3-59D4926940C9}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\thunder\program\thunder.exe | 

 
"{359BB022-1209-4DFC-A272-0DF328CE4AD3}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\xmp4\program\thunderliveud.exe | 

 
"{35F83013-388A-481A-8759-6D632D849684}" = dir=in | app=c:\program 
files\pando networks\media booster\pmb.exe | 

 
"{3E760B26-FD3A-4C15-AF6B-93DD41DC5630}" = protocol=17 | dir=in | 
app=c:\program files\common files\thunder 
network\tp\ver1\1.1.2.84_1111\thunderliveud.exe | 

 
"{3F4EBD10-E969-48A5-86FF-7AD7A8BB5519}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\thunder\program\thunderliveud.exe | 

 
"{3F5C78A2-2DA7-4F13-B203-57775257815B}" = protocol=6 | dir=in | 
app=c:\programdata\nexonus\ngm\ngm.exe | 

 
"{420C84D4-F762-47B6-B836-5819E70BEC51}" = protocol=6 | dir=out | 
app=c:\windows\system32\wudfhost.exe | 

 
"{47AC9062-B4DD-408B-A7DE-715825F20474}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\xmp4\program\thunderliveud.exe | 

 
"{4C08A30D-AA9A-4F31-8CB4-5E42B6728110}" = protocol=17 | dir=in | 
app=c:\program files\bitcomet\bitcomet.exe | 

 
"{54120DA7-718A-4F4A-8FBE-5570C1EFD8D8}" = dir=in | app=c:\program 
files\pando networks\media booster\pmb.exe | 

 
"{5449D81F-74AC-4AAE-B1A3-C9B630E694FC}" = protocol=6 | dir=in | 
app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 

 
"{564537B2-5CD3-4F08-A13A-718C0159C6C9}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe | 

 
"{58AA8BBE-E255-4C64-B87B-0520C08A17E2}" = protocol=6 | dir=in | 
app=f:\steam\steamapps\timothy110\condition zero\hl.exe | 

 
"{58E38EF0-E40B-4A1E-8083-4E69D127DF22}" = protocol=6 | dir=in | 
app=c:\programdata\nexoneu\ngm\ngm.exe | 

 
"{59B9350A-1935-4237-BD3B-1362440644F5}" = protocol=6 | dir=in | 
app=c:\windows\system32\netproj.exe | 

 
"{59D4D8B0-38A0-42C3-AC98-E73BA11A69D2}" = protocol=17 | dir=in | 
app=c:\program files\efusion\blackshot\system\blackshot.exe | 

 
"{5D3F0932-9E8D-4588-8E60-120FC91B1462}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\thunder\program\thunder.exe | 

 
"{5DD09528-EB9A-4D28-B299-2FB15C94F28F}" = protocol=6 | dir=in | 
app=c:3\steam\steamapps\timothy110\garrysmod\hl2.exe | 

 
"{5DDDCBC7-7A31-4565-AD17-3846A4A28624}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\xmp4\program\xmp.exe | 

 
"{5E47D4EF-9B14-4B62-9BC5-C1DEDD81A2AE}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | 

 
"{5E5212D2-E001-4AF2-9C4D-D7F5F3F6EAFF}" = protocol=17 | dir=in | 
app=c:\programdata\nexoneu\ngm\ngm.exe | 

 
"{64E56977-B7F0-4AB9-AC4F-6407E4E8B737}" = protocol=6 | dir=out | 
svc=upnphost | app=%systemroot%\system32\svchost.exe | 

 
"{67DAEEAC-C42D-44ED-8785-C035F7A48F3D}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\xmp4\program\xmp.exe | 

 
"{6C3C7EC6-970A-4A58-A0E4-AD453C5B4AE4}" = protocol=17 | dir=in | 
app=c:\windows\system32\pnkbstrb.exe | 

 
"{6C4A2F42-4823-4C21-8CB7-996577BB2DA9}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | 

 
"{6CC8C6C6-4A7C-4F39-9123-12C1FE9F8BB9}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\xmp4\program\xmp.exe | 

 
"{6E8847DE-33FE-433E-BD6C-268A09284E8C}" = protocol=6 | dir=out | 
app=c:\windows\system32\netproj.exe | 

 
"{7181E810-7213-431A-BD07-AC004C917A4A}" = protocol=6 | dir=in | 
app=c:\windows\system32\pnkbstra.exe | 

 
"{71AF470D-5691-477A-9381-62E5B369EC34}" = protocol=6 | dir=in | 
app=c:\program files\efusion\blackshot\system\blackshot.exe | 

 
"{72C4277A-AD5F-434C-BCB2-331D6D99FB2B}" = dir=in | app=c:\program 
files\pando networks\media booster\pmb.exe | 

 
"{7A27B0D5-64C0-4DD5-863C-CC3A4520B33E}" = protocol=17 | dir=in | 
app=c:\program files\pando networks\media booster\pmb.exe | 

 
"{7A2A2E77-5FB3-46AA-9939-6719CC1DEFC3}" = protocol=17 | dir=in | 
app=f:\steam\steamapps\timothy110\condition zero\hl.exe | 

 
"{7F6DA9CD-F74B-4DAE-B370-AA26DFF8D419}" = protocol=17 | dir=in | 
app=c:\program files\pando networks\media booster\pmb.exe | 

 
"{7FB8056B-1AE4-471C-B2C1-0EB235AD3949}" = protocol=6 | dir=in | 
app=c:\program files\common files\thunder 
network\tp\ver1\1.1.2.84_1111\xlbugreport.exe | 

 
"{80E01034-8633-4E06-8F9A-12EB03A23089}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe | 

 
"{8321C0D6-4F97-4BA3-A1E0-9811FDCE8C5A}" = protocol=6 | dir=in | 
app=c:\program files\common files\thunder 
network\tp\ver1\1.1.2.84_1111\thunderliveud.exe | 

 
"{83461DC4-AE2D-43EB-8244-AC1FA35F61DA}" = protocol=17 | dir=in | 
app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe 
| 

 
"{842A341B-236D-4276-88EA-E64060AE46F5}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\xmp4\program\xlbugreport.exe | 

 
"{84E45547-8B79-4796-976E-730CF8C397EE}" = protocol=6 | dir=in | 
app=c:\program files\ppfilm\kmliveupdate.exe | 

 
"{85CBF751-D3F8-4C94-8AA1-524D1CA68D90}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmpnetwk.exe | 

 
"{8AC237B4-55F8-4526-BE77-EB44017A7773}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\xmp4\program\xlbugreport.exe | 

 
"{8CB92D21-0A53-4E7C-91C3-A0AF47ED23FA}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmplayer.exe | 

 
"{8CB95D1E-28D2-4992-ABEF-F3CFCC3126F2}" = protocol=6 | dir=out | 
svc=upnphost | app=%systemroot%\system32\svchost.exe | 

 
"{8D80321E-F695-411D-903C-333AB30D9C2C}" = dir=in | app=c:\program 
files\windows live\sync\windowslivesync.exe | 

 
"{901FAF35-848E-433A-8241-73CC5021F5AF}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\xmp4\program\xmp.exe | 

 
"{95D151FE-C529-421B-B683-0CB05D9CC7C0}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | 

 
"{95F4FC75-7DC8-47C9-A7AA-450425506A37}" = protocol=17 | dir=in | 
app=c:\program files\pando networks\media booster\pmb.exe | 

 
"{9ABB11E1-CA86-4C2D-A73D-CDA9303D664D}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\xmp4\program\xlbugreport.exe | 

 
"{9D62BBD4-5EC6-4ECE-9466-8469B5C59DEC}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | 

 
"{9F2F7524-6728-4DE8-9D13-1DCF799B9E9C}" = protocol=6 | dir=in | 
app=c:\program files\efusion\blackshot\system\blackshot.exe | 

 
"{A2EA0760-64D3-475E-8BAF-99D28DC3B096}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe | 

 
"{A5D39F25-C145-4570-BE5C-671CE4F09287}" = protocol=6 | dir=out | 
svc=upnphost | app=c:\windows\system32\svchost.exe | 

 
"{A85B48EE-D263-4762-B82D-B0003E615D8B}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | 

 
"{A947B76A-20DB-4E9D-88EC-49E3B05CAE50}" = protocol=58 | dir=out | 
[email protected],-28546 | 

 
"{A956E5F2-B1FA-4BF1-9D32-E8B7FCBC1A9F}" = protocol=6 | dir=in | 
app=c:\program files\thunder 
network\thunder\xldoctor\7.2.3.3254_3\program\xldoctorui.exe | 

 
"{AD66A91A-7D42-4420-849F-A8E1CD3329B7}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\thunder\netmon\lsp_check.exe | 

 
"{B1B07C10-C764-4DF3-8440-2914DA51865D}" = protocol=6 | dir=in | 
app=%programfiles%\windows media player\wmpnetwk.exe | 

 
"{B26AACDB-93FF-4AA3-AFE0-93230FE1B1DD}" = protocol=17 | dir=in | 
app=c:\program files\skype\phone\skype.exe | 

 
"{B846349B-B0D7-4BE4-9EAC-D4C72D64F012}" = protocol=17 | dir=in | 
app=c:\ngm\ngm.exe | 

 
"{B8A93C14-307B-4FFF-98A9-D25FC590B519}" = protocol=6 | dir=in | 
app=c:\program files\pando networks\media booster\pmb.exe | 

 
"{BAA762D7-B163-4686-BEAF-D06E6F4782E2}" = protocol=6 | dir=in | 
app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe | 

 
"{BD9CFE23-5707-4ED8-969A-47122F7CABC6}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe | 

 
"{C3391562-F7CD-4540-9975-80A9A932D179}" = protocol=17 | dir=in | 
app=c:\nexon\combat arms eu\nmservice.exe | 

 
"{CC725743-CB63-498A-BBCF-85BCCDE3C531}" = protocol=17 | dir=in | 
app=c:\programdata\nexonus\ngm\ngm.exe | 

 
"{CE0B8B75-21E6-4328-98DB-BB033137E069}" = protocol=17 | dir=out | 
app=c:\program files\windows collaboration\wincollab.exe | 

 
"{CED977E2-61EE-46C0-9457-94FB3B6DB905}" = protocol=17 | dir=in | 
app=c:\program files\efusion\blackshot\system\blackshot.exe | 

 
"{CF87E301-0F97-48BC-B606-9436C529A230}" = protocol=6 | dir=in | 
app=f:\steam\steam.exe | 

 
"{D19F6450-7A63-4A8C-B26D-A866E945418B}" = protocol=6 | dir=in | svc=winmgmt 
| app=c:\windows\system32\svchost.exe | 

 
"{D26EFA0D-8B43-429F-AF7A-C840E107C528}" = protocol=6 | dir=in | 
app=c:\program files\windows collaboration\wincollab.exe | 

 
"{D2C8F21E-915B-47BB-857A-C285DB48149E}" = protocol=6 | dir=in | 
app=c:\program files\lucasarts\star wars republic 
commando\gamedata\system\swrepubliccommando.exe | 

 
"{D32C0BF2-9E1E-40BC-BAFD-7B0E9E5D2DDD}" = protocol=1 | dir=in | 
[email protected],-28543 | 

 
"{D572880B-CDDD-4B8E-A156-D610398D821B}" = protocol=6 | dir=in | 
app=c:\program files\pando networks\media booster\pmb.exe | 

 
"{D5D36359-63BF-4B54-8AE3-BAC602AF2C58}" = protocol=6 | dir=in | 
app=c:\program files\thunder network\xmp4\program\thunderliveud.exe | 

 
"{D76EEADC-27C9-4870-A7EB-92379D5754C9}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\xmp4\program\thunderliveud.exe | 

 
"{D79DD442-B0E5-4718-8A45-8E51AE787997}" = protocol=6 | dir=in | 
app=c:\program files\common files\thunder network\kankan\xmp.exe | 

 
"{D851830E-922D-4C94-9330-38567FE8D140}" = protocol=6 | dir=in | 
app=c:\programdata\nexoneu\ngm\ngm.exe | 

 
"{DB047F4D-999A-4E6B-91FC-C5DF2D322252}" = protocol=17 | dir=in | 
app=c:\program files\ijji\ijji reactor\ijjioptimizer.exe | 

 
"{DB88F45B-6A1D-43F8-8EFA-92383E177D6D}" = protocol=17 | dir=in | 
app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe | 

 
"{DD0E726C-EB14-435C-B816-AFF8F372E7C7}" = protocol=6 | dir=out | app=system 
| 

 
"{DFCF83F4-FD4D-407C-ADB7-140B0CF97AA4}" = protocol=17 | dir=in | 
app=c:\program files\ppfilm\jfcachemgr.exe | 

 
"{E6B545CD-1439-4FBF-95D9-953EFF0FE0F9}" = protocol=6 | dir=in | 
app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe 
| 

 
"{E784116C-3A93-42E2-8B8F-D9345AD95AB5}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | 

 
"{E92D1FFD-8C41-4FE7-8D5E-38686D6356F2}" = protocol=6 | dir=out | app=system 
| 

 
"{EAE61D36-5BB4-4450-BD61-AF7F25F1E670}" = protocol=17 | dir=in | 
app=c:\windows\system32\pnkbstra.exe | 

 
"{EBFB7C7B-D42D-498E-9AAF-2DB9C17210F5}" = dir=in | app=c:\program 
files\pando networks\media booster\pmb.exe | 

 
"{EE18D380-DD41-4770-9EE5-4FED1064DD33}" = protocol=6 | dir=in | 
app=c:\windows\system32\pnkbstrb.exe | 

 
"{F576E7FD-25BD-44AF-B6FF-1782FF06F5BF}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmplayer.exe | 

 
"{F7BC5E02-B3F5-422C-9146-57666607D0F4}" = protocol=17 | dir=in | 
app=c:\program files\ppfilm\kmliveupdate.exe | 

 
"{F8C713E6-11CF-4F08-925B-E28B3AC41D9E}" = protocol=6 | dir=in | 
app=c:\program files\ppfilm\jfcachemgr.exe | 

 
"{F971998F-67D9-4F1F-B3C4-27B3C9DC06EC}" = protocol=6 | dir=out | svc=winmgmt 
| app=c:\windows\system32\svchost.exe | 

 
"{FAA76B47-E161-4823-9A15-1B20197DF2CB}" = protocol=6 | dir=in | 
app=c:\program files\common files\thunder 
network\tp\ver1\1.1.2.84_1111\thunderplatform.exe | 

 
"{FD50258B-3D8E-4638-A7AD-DBF01699EB33}" = protocol=17 | dir=in | 
app=c:\program files\ppfilm\ppfilmplayer.exe | 

 
"{FD73C5FB-8524-4527-8265-C176B32B6E2C}" = protocol=17 | dir=in | 
app=c:\program files\common files\thunder 
network\tp\ver1\1.1.2.84_1111\thunderplatform.exe | 

 
"TCP Query User{03380FA6-A8F3-431B-9F3F-70F06365D321}C:4\dow portable 
gk13\dawn of war portable\dow\w40k.exe" = protocol=6 | dir=in | app=c:4\dow 
portable gk13\dawn of war portable\dow\w40k.exe | 

 
"TCP Query User{0713C41F-F3E1-4801-B506-296DBADE28CF}C:\program 
files\valve\steam\steamapps\timothy110\condition zero\hl.exe" = protocol=6 | 
dir=in | app=c:\program files\valve\steam\steamapps\timothy110\condition 
zero\hl.exe | 

 
"TCP Query User{09A4FE9F-86D0-4FC1-B2D1-BAA410E333DF}C:\program 
files\valve\steam\steamapps\timothy110\counter-strike\hl.exe" = protocol=6 | 
dir=in | app=c:\program 
files\valve\steam\steamapps\timothy110\counter-strike\hl.exe | 

 
"TCP Query User{0D4EFFC0-9382-4F36-A47E-7E5DD4A10A1E}C:\program 
files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program 
files\java\jre6\bin\java.exe | 

 
"TCP Query User{0ED04211-46C2-4D86-AF78-A6D6E986301B}C:0\dawn of war\dawn of 
war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:0\dawn of war\dawn 
of war - soulstorm\soulstorm.exe | 

 
"TCP Query User{13090BAE-64C1-4D2D-9D43-88F67BCB5263}C:\program files\common 
files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program 
files\common files\pplivenetwork\ppap.exe | 

 
"TCP Query User{195BD341-6EE1-4507-83FD-68240ADBBD4E}C:\program 
files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | 
app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 

 
"TCP Query 
User{19857098-A08B-4651-B892-2FD56489AD7F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" 
= protocol=6 | dir=in | 
app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 

 
"TCP Query 
User{21D7E6E4-86BD-4454-8415-8F840100BE50}C:\users\pok\desktop\program\thunderplatform.exe" 
= protocol=6 | dir=in | app=c:\users\pok\desktop\program\thunderplatform.exe | 


 
"TCP Query User{23B2C1B1-E2B1-4EED-AB7D-87C11BEAF71E}C:1\dawn of war\dawn of 
war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:1\dawn of war\dawn 
of war - soulstorm\soulstorm.exe | 

 
"TCP Query User{255B893C-A352-458C-A558-3D31E9CD92C7}C:\program 
files\hdplayer\hdplayer.exe" = protocol=6 | dir=in | app=c:\program 
files\hdplayer\hdplayer.exe | 

 
"TCP Query 
User{257C5729-4412-40D4-B86F-7C015BBDD5D0}C:\users\josephine\appdata\roaming\octoshape\octoshape 
streaming services\octoshapeclient.exe" = protocol=6 | dir=in | 
app=c:\users\josephine\appdata\roaming\octoshape\octoshape streaming 
services\octoshapeclient.exe | 

 
"TCP Query 
User{28682F9A-6A7D-4B26-8DD2-A96422A2E9FF}C:\users\josephine\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" 
= protocol=6 | dir=in | 
app=c:\users\josephine\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe 
| 

 
"TCP Query 
User{30C255C4-2BA8-40EF-BB3E-0D7E2F8B313C}C:\qvodplayer\qvodterminal.exe" = 
protocol=6 | dir=in | app=c:\qvodplayer\qvodterminal.exe | 

 
"TCP Query User{31F20396-963A-4A46-8475-D6152BE1A76A}C:\users\pok\program 
files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pok\program 
files\dna\btdna.exe | 

 
"TCP Query 
User{43235EAF-144B-4192-A524-61776354E7F1}C:\users\josephine\appdata\local\akamai\netsession_win.exe" 
= protocol=6 | dir=in | 
app=c:\users\josephine\appdata\local\akamai\netsession_win.exe | 

 
"TCP Query User{4EC94DB9-D9A6-46A6-864E-5D794DDE60DB}C:2\dawn of war\dawn of 
war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:2\dawn of war\dawn 
of war - soulstorm\soulstorm.exe | 

 
"TCP Query User{5BAEC055-DC64-4128-A425-5219064C8634}C:2\dow portable 
gk13\dawn of war portable\dow\w40k.exe" = protocol=6 | dir=in | app=c:2\dow 
portable gk13\dawn of war portable\dow\w40k.exe | 

 
"TCP Query User{5D442473-084A-4568-83C1-D56FDF7F5D92}C:\program files\gamespy 
arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy 
arcade\aphex.exe | 

 
"TCP Query User{66DA58C9-023B-4A5B-8E91-2C1169CE0215}C:\program 
files\valve\steam\steamapps\timothy110\dedicated server\hlds.exe" = protocol=6 | 
dir=in | app=c:\program files\valve\steam\steamapps\timothy110\dedicated 
server\hlds.exe | 

 
"TCP Query User{702EDE20-4A71-4993-9834-68F76B826324}C:\program 
files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program 
files\bitcomet\bitcomet.exe | 

 
"TCP Query 
User{716647C7-976B-4A23-AAAC-5821E2B62EC3}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" 
= protocol=6 | dir=in | 
app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 

 
"TCP Query User{75CF5892-C303-4577-B9F9-13809F5EE931}C:\program 
files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | 
app=c:\program files\google\google earth\client\googleearth.exe | 

 
"TCP Query User{7E83B50C-0AC5-4EAB-82BA-7E6E4B32337E}C:\program 
files\valve\steam\steamapps\timothy110\deathmatch classic\hl.exe" = protocol=6 | 
dir=in | app=c:\program files\valve\steam\steamapps\timothy110\deathmatch 
classic\hl.exe | 

 
"TCP Query User{7F6624F2-18B7-4135-9D00-3FBEEC3645ED}C:\program 
files\valve\steam\steamapps\timothy110\ricochet\hl.exe" = protocol=6 | dir=in | 
app=c:\program files\valve\steam\steamapps\timothy110\ricochet\hl.exe | 

 
"TCP Query 
User{8AA5998F-BCEB-497A-8564-7F50BDA0D88D}C:\users\josephine\appdata\roaming\octoshape\octoshape 
streaming services\octoshapeclient.exe" = protocol=6 | dir=in | 
app=c:\users\josephine\appdata\roaming\octoshape\octoshape streaming 
services\octoshapeclient.exe | 

 
"TCP Query 
User{8B5CA73F-0BC3-45E3-9644-872F0151A151}C:\aeriagames\wolfteam\wolfteam.bin" = 
protocol=6 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin | 

 
"TCP Query 
User{B5595B25-044F-4371-AE84-245C1CB76881}C:\users\josephine\program 
files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\josephine\program 
files\dna\btdna.exe | 

 
"TCP Query 
User{C3B8C8E0-3633-48B7-97CC-B79AA6756B24}C:\qvodplayer\qvodterminal.exe" = 
protocol=6 | dir=in | app=c:\qvodplayer\qvodterminal.exe | 

 
"TCP Query 
User{C54849FD-0EBD-41F4-AF88-CA80AE3C1DB2}C:\aeriagames\wolfteam\wolfteam.bin" = 
protocol=6 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin | 

 
"TCP Query User{C8FFB8C4-A4CD-4BC1-98EF-77465C90B410}C:\program 
files\valve\steam\steamapps\timothy110\day of defeat\hl.exe" = protocol=6 | 
dir=in | app=c:\program files\valve\steam\steamapps\timothy110\day of 
defeat\hl.exe | 

 
"TCP Query 
User{D2E81519-C888-41C8-B233-81AFAFB8B57A}C:\users\pok\desktop\program\thunderplatform.exe" 
= protocol=6 | dir=in | app=c:\users\pok\desktop\program\thunderplatform.exe | 


 
"TCP Query User{D41A5045-5FEA-4E8F-8FAC-402887DABFC3}C:\program 
files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | 

 
"TCP Query User{DE0814A3-F880-4FB5-84C4-D09E9D7EB283}C:\program 
files\roozz\roozznhostsvc.exe" = protocol=6 | dir=in | app=c:\program 
files\roozz\roozznhostsvc.exe | 

 
"TCP Query User{DFADC9A7-EE55-475C-8F5F-78A89531AB82}C:\users\pok\program 
files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pok\program 
files\dna\btdna.exe | 

 
"TCP Query User{E0119D4B-D7BE-4A7B-B905-8FFBE71BAEF7}C:1\dawn of war\dawn of 
war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:1\dawn of war\dawn 
of war - soulstorm\soulstorm.exe | 

 
"TCP Query User{E3305626-BA39-46A4-9534-F43CD6D6EF0E}C:\program 
files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | 
app=c:\program files\google\google earth\client\googleearth.exe | 

 
"TCP Query User{E34F8DA9-3AEF-4D4A-A799-2E2B739AE66B}C:\program 
files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | 

 
"TCP Query User{E6080D30-217F-4F16-A17B-608C6E5E0C19}N:\dow portable 
gk13\dawn of war portable\dow\w40k.exe" = protocol=6 | dir=in | app=n:\dow 
portable gk13\dawn of war portable\dow\w40k.exe | 

 
"TCP Query User{F31AADCB-49C8-4F27-8051-0C126171DC32}C:\program files\mozilla 
firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla 
firefox\firefox.exe | 

 
"TCP Query User{F4EA701A-7DD1-4AF0-A98D-BD77F782B2D3}C:4\halo portable 
v2\haloce.exe" = protocol=6 | dir=in | app=c:4\halo portable v2\haloce.exe | 


 
"TCP Query User{F6645EA3-3881-4B05-B8C8-AB6BD027F2D2}C:\program 
files\valve\steam\steamapps\timothy110\counter-strike beta\hl.exe" = protocol=6 
| dir=in | app=c:\program files\valve\steam\steamapps\timothy110\counter-strike 
beta\hl.exe | 

 
"TCP Query User{F6675A35-0F0A-4146-A05B-A2D916FAEC9F}C:\program files\common 
files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program 
files\common files\pplivenetwork\ppap.exe | 

 
"TCP Query User{F89040FC-952B-4CEC-8FD6-1AEC3C61BBAB}C:\program 
files\valve\steam\steamapps\timothy110\counter-strike source\hl2.exe" = 
protocol=6 | dir=in | app=c:\program 
files\valve\steam\steamapps\timothy110\counter-strike source\hl2.exe | 

 
"UDP Query User{06EA8EB5-F84E-42D8-B01A-179790275A64}C:\program 
files\valve\steam\steamapps\timothy110\dedicated server\hlds.exe" = protocol=17 
| dir=in | app=c:\program files\valve\steam\steamapps\timothy110\dedicated 
server\hlds.exe | 

 
"UDP Query User{0DCA785E-530F-4B77-A82F-D2846C5D6E6A}C:\program files\gamespy 
arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy 
arcade\aphex.exe | 

 
"UDP Query User{188A9E74-6DE3-42BC-9AB3-5B751E34FB28}C:\program 
files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program 
files\bitcomet\bitcomet.exe | 

 
"UDP Query User{21E405F4-B2FF-44BF-B3A1-D397482EA6A5}C:\program 
files\valve\steam\steamapps\timothy110\counter-strike\hl.exe" = protocol=17 | 
dir=in | app=c:\program 
files\valve\steam\steamapps\timothy110\counter-strike\hl.exe | 

 
"UDP Query User{23B57026-4405-4173-81E5-52C737B7FC40}C:\program files\common 
files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program 
files\common files\pplivenetwork\ppap.exe | 

 
"UDP Query 
User{2743CE4F-860D-4D01-AE53-6F0899C3FA6B}C:\users\josephine\appdata\local\akamai\netsession_win.exe" 
= protocol=17 | dir=in | 
app=c:\users\josephine\appdata\local\akamai\netsession_win.exe | 

 
"UDP Query 
User{281AA14A-0048-49DC-BEBC-186BC9B9ACE6}C:\users\pok\desktop\program\thunderplatform.exe" 
= protocol=17 | dir=in | app=c:\users\pok\desktop\program\thunderplatform.exe | 


 
"UDP Query 
User{2979717C-D4A3-4973-83CA-5F6ABBE02397}C:\users\josephine\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" 
= protocol=17 | dir=in | 
app=c:\users\josephine\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe 
| 

 
"UDP Query User{30FA48F8-203F-49D4-A534-4E6F2F133F5D}C:\program 
files\roozz\roozznhostsvc.exe" = protocol=17 | dir=in | app=c:\program 
files\roozz\roozznhostsvc.exe | 

 
"UDP Query User{34817CC2-5564-42B7-8F14-71C2C4FDEDF0}C:\program 
files\valve\steam\steamapps\timothy110\counter-strike beta\hl.exe" = protocol=17 
| dir=in | app=c:\program files\valve\steam\steamapps\timothy110\counter-strike 
beta\hl.exe | 

 
"UDP Query User{3FA16477-9DDB-4F52-96B4-7B66BB8C6ED4}C:\program 
files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | 
app=c:\program files\google\google earth\client\googleearth.exe | 

 
"UDP Query User{418A4C5E-F5E2-4270-ABF4-DC86027EFCAE}C:4\halo portable 
v2\haloce.exe" = protocol=17 | dir=in | app=c:4\halo portable v2\haloce.exe | 


 
"UDP Query User{4212FD74-0BAC-49B4-848D-3A74299ECE32}C:\program files\mozilla 
firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla 
firefox\firefox.exe | 

 
"UDP Query User{4EAD62BF-8352-468A-9785-733A83799AC2}C:\program 
files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | 

 
"UDP Query 
User{51BBF25C-E66E-4D56-B72C-A3623B345EF7}C:\aeriagames\wolfteam\wolfteam.bin" = 
protocol=17 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin | 

 
"UDP Query User{55511A00-4E10-45D8-8EFB-D23056493642}C:1\dawn of war\dawn of 
war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:1\dawn of war\dawn 
of war - soulstorm\soulstorm.exe | 

 
"UDP Query User{561FEE68-3613-4696-8EAA-02B1ECF1A880}C:\program 
files\valve\steam\steamapps\timothy110\day of defeat\hl.exe" = protocol=17 | 
dir=in | app=c:\program files\valve\steam\steamapps\timothy110\day of 
defeat\hl.exe | 

 
"UDP Query User{6942607C-2EBC-40AD-A24D-03814C645513}C:1\dawn of war\dawn of 
war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:1\dawn of war\dawn 
of war - soulstorm\soulstorm.exe | 

 
"UDP Query User{6A100FF1-0E11-4A3D-B1E3-895F5CD9B774}N:\dow portable 
gk13\dawn of war portable\dow\w40k.exe" = protocol=17 | dir=in | app=n:\dow 
portable gk13\dawn of war portable\dow\w40k.exe | 

 
"UDP Query User{6B2AE0D1-11ED-4E13-BC0F-3F81E8532B3F}C:2\dow portable 
gk13\dawn of war portable\dow\w40k.exe" = protocol=17 | dir=in | app=c:2\dow 
portable gk13\dawn of war portable\dow\w40k.exe | 

 
"UDP Query 
User{79C41B37-45DA-4D6C-AA98-5576A9939EA3}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" 
= protocol=17 | dir=in | 
app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 

 
"UDP Query 
User{7B0D823F-2AAA-46FF-BFFB-D315828D5434}C:\qvodplayer\qvodterminal.exe" = 
protocol=17 | dir=in | app=c:\qvodplayer\qvodterminal.exe | 

 
"UDP Query User{8BB4F8D9-DD3A-40C6-BEA0-AF87C0C6A816}C:\program 
files\valve\steam\steamapps\timothy110\ricochet\hl.exe" = protocol=17 | dir=in | 
app=c:\program files\valve\steam\steamapps\timothy110\ricochet\hl.exe | 

 
"UDP Query 
User{8CBB7722-BCB7-4ABC-8BAE-7615C1AB0BBF}C:\aeriagames\wolfteam\wolfteam.bin" = 
protocol=17 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin | 

 
"UDP Query User{8DCC01A8-7083-490D-81DD-173D00C10535}C:\program 
files\hdplayer\hdplayer.exe" = protocol=17 | dir=in | app=c:\program 
files\hdplayer\hdplayer.exe | 

 
"UDP Query 
User{922A8500-A113-4FDA-8B4D-CAF1824D515D}C:\users\josephine\program 
files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\josephine\program 
files\dna\btdna.exe | 

 
"UDP Query User{97DA6F71-D7F2-4C21-9BA0-63E2E306D6BE}C:0\dawn of war\dawn of 
war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:0\dawn of war\dawn 
of war - soulstorm\soulstorm.exe | 

 
"UDP Query User{A3602F35-8C14-4920-870C-365A50B949DA}C:2\dawn of war\dawn of 
war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:2\dawn of war\dawn 
of war - soulstorm\soulstorm.exe | 

 
"UDP Query User{A3BBBCDA-42D7-427C-805C-434116BCC7EB}C:\program 
files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\java.exe | 

 
"UDP Query User{A3DCF201-EF00-4420-9E86-E3378F9D41F1}C:4\dow portable 
gk13\dawn of war portable\dow\w40k.exe" = protocol=17 | dir=in | app=c:4\dow 
portable gk13\dawn of war portable\dow\w40k.exe | 

 
"UDP Query User{A5546CB0-7081-4062-9F9B-489CC15E8021}C:\users\josephine\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\josephine\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 

 
"UDP Query User{A9A57382-4F96-46C3-A420-1A7886D5F02C}C:\program files\common 
files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program 
files\common files\pplivenetwork\ppap.exe | 

 
"UDP Query User{AC7944FB-1213-4683-9C6D-EDDE87E3CFBC}C:\program 
files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | 

 
"UDP Query 
User{B791F037-C229-47C5-B94E-2592946114FE}C:\qvodplayer\qvodterminal.exe" = 
protocol=17 | dir=in | app=c:\qvodplayer\qvodterminal.exe | 

 
"UDP Query User{BA8BFFB3-AC2E-463A-A0A1-147139855222}C:\program 
files\valve\steam\steamapps\timothy110\deathmatch classic\hl.exe" = protocol=17 
| dir=in | app=c:\program files\valve\steam\steamapps\timothy110\deathmatch 
classic\hl.exe | 

 
"UDP Query 
User{DDAEB212-DF9B-42B6-BA37-2788C993BD5B}C:\users\josephine\appdata\roaming\octoshape\octoshape 
streaming services\octoshapeclient.exe" = protocol=17 | dir=in | 
app=c:\users\josephine\appdata\roaming\octoshape\octoshape streaming 
services\octoshapeclient.exe | 

 
"UDP Query User{E40585F6-4216-4F6B-968B-14388246D118}C:\program 
files\valve\steam\steamapps\timothy110\condition zero\hl.exe" = protocol=17 | 
dir=in | app=c:\program files\valve\steam\steamapps\timothy110\condition 
zero\hl.exe | 

 
"UDP Query User{F258C470-552D-4857-9057-5A1CEAF68251}C:\users\pok\program 
files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pok\program 
files\dna\btdna.exe | 

 
"UDP Query 
User{F2A4A810-12FB-44C2-A9D7-65461AB52199}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" 
= protocol=17 | dir=in | 
app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 

 
"UDP Query User{F35108A8-02D2-4B97-B7F5-F4F524F36A79}C:\program 
files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | 
app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 

 
"UDP Query User{F7B64D47-CDED-4590-BB04-E69D8A5D52AC}C:\program 
files\valve\steam\steamapps\timothy110\counter-strike source\hl2.exe" = 
protocol=17 | dir=in | app=c:\program 
files\valve\steam\steamapps\timothy110\counter-strike source\hl2.exe | 

 
"UDP Query User{F8A77766-9044-4C8D-AA1E-D22C5D079B9A}C:\users\pok\program 
files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pok\program 
files\dna\btdna.exe | 

 
"UDP Query User{FA43ADAB-D2D5-41C9-B3B5-18CEDB114672}C:\program 
files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | 
app=c:\program files\google\google earth\client\googleearth.exe | 

 
"UDP Query 
User{FFD8CCE9-068D-4B78-A715-5BA71491F32E}C:\users\pok\desktop\program\thunderplatform.exe" 
= protocol=17 | dir=in | app=c:\users\pok\desktop\program\thunderplatform.exe | 


 
 

 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

 
 

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL 
Update kb973924 - x86 9.0.30729.4148

 
"{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver

 
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

 
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement 
Pack

 
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in 
Assistant

 
"{09645A82-CCCF-4AC6-82A3-D01E06BAC701}" = TI-SmartView™- Probeerversie

 
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 
Extended

 
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE

 
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

 
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

 
"{10106AA7-38E7-4348-8396-9F535DF763EF}" = MSTPCRT

 
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 
Language Pack SP1 - nld

 
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300" = Canon iP3300

 
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

 
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

 
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

 
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet 
Explorer

 
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 
Redistributable - 10.0.30319

 
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148

 
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

 
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor 
uploaden

 
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet 
Explorer

 
"{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1" = Boilsoft Video Splitter 
6.33

 
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 
8.0

 
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client 
Profile NLD Language Pack

 
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home 
Cinema v1.4.2499.0

 
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29

 
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail

 
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 
3

 
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework 
Redistributable 4.0

 
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox

 
"{31624D5D-1FEA-4FDB-A2EF-AAFA99F5211D}" = Windows Live Toolbar Feedzoeker 
(Windows Live Toolbar)

 
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications 
Platform

 
"{32061277-9F45-4C3B-8299-D106D5A502ED}" = Windows Live Movie Maker

 
"{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer

 
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

 
"{388D1ED3-02EB-4CFD-A46D-7F6B8E3B9109}" = ebgcRes

 
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

 
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra

 
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 
SP2 ENU

 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client 
Profile

 
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend

 
"{41DFDD57-21B7-4C48-8C75-FFB35696CA8B}" = Windows Live Toolbar

 
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

 
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows 
Marketplace

 
"{53B2D537-21CF-44D5-A03A-0DAF993B5728}" = ebgcSDK

 
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

 
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 
1.3

 
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.6.2

 
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

 
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

 
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext

 
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

 
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

 
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox 
Plugin

 
"{6ABA8CC0-E3DE-4434-A7C7-180E153429B4}" = Unified Remote

 
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0

 
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

 
"{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}" = Windows Live Photo Gallery

 
"{709BE387-FFDD-4693-A895-76B539E20B47}" = EVU Pre-int & int

 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 
Redistributable

 
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

 
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3

 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL 
Update kb973923 - x86 8.0.50727.4053

 
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100

 
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

 
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 
Redistributable - KB2467174 - x86 9.0.30729.5570

 
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01

 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

 
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime 
Native v1.0 (x86)

 
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi

 
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

 
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5

 
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

 
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge 
Modules

 
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 
2007

 
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" 
= Microsoft Office 2007 Service Pack 2 (SP2)

 
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" 
= Security Update for Microsoft Office system 2007 (972581)

 
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI 
(Dutch) 2007

 
"{90120000-0015-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" 
= Microsoft Office 2007 Service Pack 2 (SP2)

 
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 
2007

 
"{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" 
= Microsoft Office 2007 Service Pack 2 (SP2)

 
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI 
(Dutch) 2007

 
"{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" 
= Microsoft Office 2007 Service Pack 2 (SP2)

 
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI 
(Dutch) 2007

 
"{90120000-0019-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" 
= Microsoft Office 2007 Service Pack 2 (SP2)

 
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI 
(Dutch) 2007

 
"{90120000-001A-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" 
= Microsoft Office 2007 Service Pack 2 (SP2)

 
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 
2007

 
"{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" 
= Microsoft Office 2007 Service Pack 2 (SP2)

 
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 
2007

 
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" 
= Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

 
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 
2007

 
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" 
= Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 
2007

 
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" 
= Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

 
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 
2007

 
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" 
= Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

 
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 
2007

 
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI 
(Dutch) 2007

 
"{90120000-0044-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" 
= Microsoft Office 2007 Service Pack 2 (SP2)

 
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI 
(Dutch) 2007

 
"{90120000-006E-0413-0000-0000000FF1CE}_PROPLUS_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" 
= Microsoft Office 2007 Service Pack 2 (SP2)

 
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage 
Manager

 
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

 
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9

 
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player

 
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error 
Reporting

 
"{95120000-0122-0413-0000-0000000FF1CE}" = Microsoft Office Outlook 
Connector

 
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

 
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status

 
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

 
"{996F79F5-2ABF-4B9D-A0C0-ACD046AA8008}" = ArcSoft ShowBiz DVD 2

 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17

 
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations

 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161

 
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

 
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software

 
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 
Redistributable - KB2467175

 
"{A2A0A82F-025F-458d-A0CD-9BB2320804B5}" = Microsoft Works

 
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

 
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

 
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy

 
"{A72FC039-FE41-4BAD-B36E-64368EC54B54}" = ArcSoft MediaConverter 2.5

 
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6

 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

 
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

 
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

 
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience 
Enhancements

 
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - 
Nederlands

 
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support 
For Adobe Reader 8

 
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For 
Adobe Reader 8

 
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe 
Reader 9

 
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help

 
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

 
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

 
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

 
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare

 
"{BC5E28DB-A496-415F-9BCF-374AE8E33AB5}" = ArcSoft TotalMedia Extreme

 
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services 
Native v1.0 (x86)

 
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

 
"{C1EDC38F-2760-4A4E-9CED-95B53024134C}" = VersionTracker Pro Windows

 
"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call

 
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

 
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

 
"{CAEB2BE8-EF9E-4BFE-8165-3B54B62AF6CF}" = Windows Live Family Safety

 
"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger

 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 
SP1

 
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1

 
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader

 
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 
2009)

 
"{DC54F2F8-C26F-4D22-B92D-7075BC626106}" = Smart Menu's (Windows Live 
Toolbar)

 
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min

 
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3

 
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando

 
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

 
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync

 
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

 
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

 
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials

 
"{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}" = GameShadow

 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact 
Edition [ENU]

 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio 
Driver

 
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components 
Installer

 
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE 
Redistributable

 
"{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}" = PenPowerJR

 
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp

 
"Adobe AIR" = Adobe AIR

 
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

 
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

 
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

 
"Advanced SystemCare 5_is1" = Advanced SystemCare 5

 
"AhnLab Online Security" = AhnLab Online Security

 
"Akamai" = Akamai NetSession Interface Service

 
"Ask Toolbar_is1" = Ask Toolbar

 
"BitComet" = BitComet 1.26

 
"BlackShot" = BlackShot

 
"CCleaner" = CCleaner

 
"Combat Arms" = Combat Arms

 
"Combat Arms EU" = Combat Arms EU

 
"DAEMON Tools Lite" = DAEMON Tools Lite

 
"Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11

 
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.830

 
"Game Booster_is1" = Game Booster 3

 
"GamersFirst LIVE!" = GamersFirst LIVE!

 
"GameSpy Arcade" = GameSpy Arcade

 
"Google Chrome" = Google Chrome

 
"Google Desktop" = Google Desktop

 
"Google Updater" = Google Updater

 
"HDMI" = Intel(R) Graphics Media Accelerator Driver

 
"HDPlayer" = HDPlayer 3.3.2

 
"Hide Window Hotkey" = Hide Window Hotkey

 
"hotpot_is1" = HotPotatoes v 6.3.0.4

 
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

 
"HP Photosmart Essential" = HP Photosmart Essential 2.0

 
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

 
"HPExtendedCapabilities" = HP Customer Participation Program 8.0

 
"InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video 
Driver

 
"InterActual Player" = InterActual Player

 
"IObit Malware Fighter_is1" = IObit Malware Fighter

 
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)

 
"LogMeIn Hamachi" = LogMeIn Hamachi

 
"McAfee Security Scan" = McAfee Security Scan Plus

 
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor 
Microsoft .NET Framework 3.5 SP1 - NL

 
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 
Client Profile

 
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket 
voor Microsoft .NET Framework 4 Client Profile - NLD

 
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 
Extended

 
"Mozilla Firefox 8.0 (x86 nl)" = Mozilla Firefox 8.0 (x86 nl)

 
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

 
"PandoraRecovery" = PandoraRecovery (Remove Only)

 
"PC-Doctor 5 for Windows" = Diagnostisch hulpprogramma voor hardware

 
"PhotoScape" = PhotoScape

 
"Picasa2" = Picasa 2

 
"PlatinumHideIP" = Platinum Hide IP

 
"Player" = Player

 
"PPLive" = PPTV V3.0.2.0011

 
"PROPLUS" = Microsoft Office Professional Plus 2007

 
"QvodPlayer" = QvodPlayer 5.0.77

 
"RealArcade 1.2" = RealArcade

 
"Roozz plugin_is1" = Roozz plugin 2.5.5

 
"Sandboxie" = Sandboxie 3.58 (32-bit)

 
"Shop for HP Supplies" = Shop for HP Supplies

 
"Smart Defrag 2_is1" = Smart Defrag 2

 
"Tencent Browser Helper" = SOSO AddressBar Search

 
"thunder_is1" = ѸÀ×7

 
"TightSlip" = TightSlip

 
"TomTom HOME" = TomTom HOME 2.7.3.1894

 
"WinGimp-2.0_is1" = GIMP 2.6.11

 
"WinLiveSuite_Wave3" = Windows Live Essentials

 
"WinRAR archiver" = WinRAR archiver

 
"WolfTeam" = WolfTeam

 
"Yahoo! Companion" = Yahoo! 工具列

 
"Yahoo! Internet Mail" = Yahoo! Internet Mail

 
"Yahoo! Messenger" = Yahoo! Messenger

 
"Yahoo! Search Defender" = Yahoo! Search Protection

 
"Yahoo! Software Update" = Yahoo! Software Update

 
"迅雷看看播放器" = 迅雷看看播放器

 
"迅雷看看高清播放组件" = 迅雷看看高清播放组件

 
 

 
========== Last 10 Event Log Errors ==========

 
 

 
Error reading Event Logs: The Event Service is not operating properly or the 
Event Logs are corrupt!

 
 

 
< End of report >

 
 

 
and here is OTL.Txt

 
 

 
 

 
OTL logfile created on: 9/12/2011 13:38:05 - Run 1

 
OTL by OldTimer - Version 3.2.31.0     Folder = 
C:\Users\Timothy_2\Desktop

 
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type 
= NTWorkstation

 
Internet Explorer (Version = 9.0.8112.16421)

 
Locale: 00000813 | Country: België | Language: NLB | Date Format: 
d/MM/yyyy

 
 

 
1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,83% 
Memory free

 
4,21 Gb Paging File | 3,09 Gb Available in Paging File | 73,37% Paging File 
free

 
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

 
 

 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program 
Files

 
Drive C: | 458,44 Gb Total Space | 237,50 Gb Free Space | 51,81% Space Free | 
Partition Type: NTFS

 
Drive D: | 7,32 Gb Total Space | 1,25 Gb Free Space | 17,11% Space Free | 
Partition Type: NTFS

 
Drive E: | 141,40 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | 
Partition Type: UDF

 
Drive K: | 465,65 Gb Total Space | 68,13 Gb Free Space | 14,63% Space Free | 
Partition Type: FAT32

 
Drive M: | 465,65 Gb Total Space | 30,29 Gb Free Space | 6,50% Space Free | 
Partition Type: FAT32

 
 

 
Computer Name: TIMOTHY | User Name: Timothy_2 | Logged in as 
Administrator.

 
Boot Mode: Normal | Scan Mode: Current user

 
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name 
Whitelist: On | File Age = 30 Days

 
 

 
========== Processes (SafeList) ==========

 
 

 
PRC - [2011/12/09 13:27:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- 
C:\Users\Timothy_2\Desktop\OTL.exe

 
PRC - [2011/11/18 13:46:36 | 004,759,896 | ---- | M] (IObit) -- C:\Program 
Files\IObit\Advanced SystemCare 5\ASC.exe

 
PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program 
Files\IObit\Advanced SystemCare 5\ASCTray.exe

 
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program 
Files\IObit\Advanced SystemCare 5\ASCService.exe

 
PRC - [2011/10/22 13:01:37 | 000,140,952 | ---- | M] (Google Inc.) -- 
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

 
PRC - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) -- C:\Program 
Files\IObit\IObit Malware Fighter\IMFsrv.exe

 
PRC - [2011/09/30 06:33:16 | 001,025,936 | ---- | M] (Shenzhen QVOD 
Technology Co.,Ltd) -- C:\QvodPlayer\QvodTerminal.exe

 
PRC - [2011/09/28 20:05:40 | 000,141,200 | ---- | M] (Tencent) -- C:\Program 
Files\TENCENT\SOSOUpdate.exe

 
PRC - [2011/09/07 11:08:50 | 000,033,792 | ---- | M] (Roozz.com) -- 
C:\Program Files\Roozz\RoozzHelper.exe

 
PRC - [2011/08/27 20:16:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- 
C:\Program Files\Sandboxie\SbieSvc.exe

 
PRC - [2011/08/15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- 
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

 
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems 
Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

 
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program 
Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

 
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program 
Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

 
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital 
Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive 
Manager\WDDMStatus.exe

 
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program 
Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

 
PRC - [2010/05/27 15:29:09 | 000,126,976 | ---- | M] () -- 
C:\Windows\System32\UAService7.exe

 
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- 
C:\Program Files\DAEMON Tools Lite\DTLite.exe

 
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- 
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

 
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program 
Files\TomTom HOME 2\TomTomHOMEService.exe

 
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) 
-- C:\Windows\explorer.exe

 
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- 
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 
PRC - [2007/04/19 17:11:16 | 000,151,552 | ---- | M] (Intel Corporation) -- 
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

 
PRC - [2007/04/19 17:10:42 | 000,081,920 | ---- | M] (Intel Corporation) -- 
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

 
PRC - [2006/11/02 13:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) 
-- C:\Windows\System32\wpcumi.exe

 
 

 
 

 
========== Modules (No Company Name) ==========

 
 

 
MOD - [2011/11/18 11:49:16 | 000,880,984 | ---- | M] () -- C:\Program 
Files\IObit\Advanced SystemCare 5\Scan.dll

 
MOD - [2011/11/10 19:24:30 | 000,599,896 | ---- | M] () -- C:\Program 
Files\IObit\Advanced SystemCare 5\DiskMap.dll

 
MOD - [2011/10/19 22:19:30 | 008,906,072 | ---- | M] () -- C:\Program 
Files\IObit\Advanced SystemCare 5\WebUI.dll

 
MOD - [2011/10/19 22:19:24 | 000,564,712 | ---- | M] () -- C:\Program 
Files\IObit\Advanced SystemCare 5\sqlite3.dll

 
MOD - [2011/10/19 22:18:48 | 000,058,712 | ---- | M] () -- C:\Program 
Files\IObit\Advanced SystemCare 5\NtfsData.dll

 
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program 
Files\IObit\Advanced SystemCare 5\madexcept_.bpl

 
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program 
Files\IObit\Advanced SystemCare 5\madbasic_.bpl

 
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program 
Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl

 
MOD - [2008/01/19 08:37:11 | 001,314,816 | ---- | M] () -- 
C:\Windows\System32\disevwow.dll

 
MOD - [2008/01/19 08:37:11 | 000,958,464 | ---- | M] () -- 
C:\Windows\System32\dlgofpop.dll

 
MOD - [2008/01/19 08:37:11 | 000,442,368 | ---- | M] () -- 
C:\Windows\System32\zipohrip\tcpoxvox\tblovlan.dll

 
 

 
 

 
========== Win32 Services (SafeList) ==========

 
 

 
SRV - File not found [Auto | Stopped] --  -- (vvdsvc)

 
SRV - File not found [Auto | Stopped] --  -- (SKLService)

 
SRV - [2011/11/18 03:23:18 | 003,313,752 | ---- | M] () [Auto | Running] -- 
c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)

 
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] 
-- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- 
(AdvancedSystemCareService5)

 
SRV - [2011/10/14 08:32:40 | 000,087,728 | ---- | M] (ShenZhen Xunlei 
Networking Technologies,LTD) [Auto | Running] -- C:\Program Files\Common 
Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)

 
SRV - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) [Auto | Running] 
-- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)

 
SRV - [2011/09/28 20:05:40 | 000,141,200 | ---- | M] (Tencent) [Auto | 
Running] -- C:\Program Files\TENCENT\SOSOUpdate.exe -- (SOSOUpSvc)

 
SRV - [2011/09/07 11:08:50 | 000,033,792 | ---- | M] (Roozz.com) [Auto | 
Running] -- C:\Program Files\Roozz\RoozzHelper.exe -- (Roozz Helper)

 
SRV - [2011/08/27 20:16:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto 
| Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

 
SRV - [2011/08/15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | 
Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

 
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems 
Incorporated) [Auto | Running] -- C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

 
SRV - [2011/03/25 06:23:26 | 004,060,984 | ---- | M] (INCA Internet Co., 
Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

 
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- 
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- 
(WDFME)

 
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- 
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- 
(WDSC)

 
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] 
-- C:\Program Files\Western Digital\WD SmartWare\WD Drive 
Manager\WDDMService.exe -- (WDDMService)

 
SRV - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] ([URL="http://www.BitComet.com"]BitComet - A free C++ BitTorrent/HTTP/FTP Download Client[/URL]) 
[On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- 
(BITCOMET_HELPER_SERVICE)

 
SRV - [2010/05/27 15:29:09 | 000,126,976 | ---- | M] () [Auto | Running] -- 
C:\Windows\System32\UAService7.exe -- (UserAccess7) SecuROM User Access Service 
(V7)

 
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | 
Running] -- C:\Program Files\Common Files\ArcSoft\Connection 
Service\Bin\ACService.exe -- (ACDaemon)

 
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\McAfee Security 
Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

 
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | 
Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- 
(TomTomHOMEService)

 
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | 
Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- 
(YahooAUService)

 
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) 
[Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- 
(WinDefend)

 
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) 
[Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

 
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) 
[Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 
SRV - [2007/04/19 17:10:42 | 000,081,920 | ---- | M] (Intel Corporation) 
[Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage 
Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

 
 

 
 

 
========== Driver Services (SafeList) ==========

 
 

 
DRV - [2011/11/10 23:04:38 | 000,691,696 | ---- | M] () [Kernel | Boot | 
Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

 
DRV - [2011/10/12 18:00:42 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | 
System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- 
(dtsoftbus01)

 
DRV - [2011/10/08 17:04:26 | 000,018,768 | ---- | M] () [File_System | 
On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware 
Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)

 
DRV - [2011/09/20 14:28:42 | 000,019,792 | ---- | M] (IObit.com) [Kernel | 
On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware 
Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)

 
DRV - [2011/09/20 14:28:36 | 000,030,600 | ---- | M] (IObit.com) [Kernel | 
On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware 
Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)

 
DRV - [2011/08/27 20:16:04 | 000,129,808 | ---- | M] (SANDBOXIE L.T.D) 
[Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- 
(SbieDrv)

 
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital 
Technologies) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)

 
DRV - [2010/11/26 18:02:28 | 000,015,672 | ---- | M] () [Kernel | Boot | 
Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- 
(SmartDefragDriver)

 
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- 
(winusb)

 
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel 
| On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- 
(hamachi)

 
DRV - [2008/10/17 09:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- 
(Mkd2kfNt)

 
DRV - [2008/10/17 09:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- 
(Mkd2Nadr)

 
DRV - [2008/05/14 19:32:42 | 000,535,040 | ---- | M] (eMPIA Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- 
(USB28xxBGA)

 
DRV - [2008/05/14 19:32:24 | 000,286,208 | ---- | M] (eMPIA Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- 
(USB28xxOEM)

 
DRV - [2008/02/26 08:17:30 | 000,493,568 | ---- | M] (Ralink Technology, 
Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys 
-- (netr73)

 
DRV - [2008/01/29 10:02:00 | 000,011,392 | ---- | M] () [Kernel | System | 
Running] -- C:\Windows\System32\drivers\archlp.sys -- (archlp)

 
DRV - [2008/01/19 08:37:11 | 000,044,544 | ---- | M] () [File_System | Boot | 
Running] -- C:\Windows\system32\DRIVERS\icodocam.sys -- (icodocam)

 
DRV - [2007/07/18 23:44:02 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel 
| On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- 
(LVUSBSta)

 
DRV - [2007/07/18 23:39:40 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel 
| On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) 
Logitech QuickCam Express(PID_0928)

 
DRV - [2007/06/21 12:00:53 | 000,320,384 | ---- | M] () [Kernel | On_Demand | 
Stopped] -- C:\Windows\System32\drivers\UDXTTM6000.sys -- (UDXTTM6000)

 
DRV - [2007/03/02 23:06:02 | 000,028,144 | ---- | M] (PC-Doctor, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor 5 for 
Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05010004})

 
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel 
| On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

 
DRV - [2006/06/29 03:11:48 | 000,017,408 | ---- | M] (DTV-DVB) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\UDXTTM6000HID.sys -- 
(UDXTTM6000HID)

 
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard 
Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys 
-- (Ps2)

 
DRV - [2005/06/13 10:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus) 
Sony Ericsson W800 driver (WDM)

 
DRV - [2005/02/11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) 
Sony Ericsson 750 driver (WDM)

 
DRV - [2004/02/04 09:27:56 | 000,049,536 | ---- | M] (Texas Instruments 
Incorporated) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)

 
 

 
 

 
========== Standard Registry (SafeList) ==========

 
 

 
 

 
========== Internet Explorer ==========

 
 

 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://be.msn.com/?lang=nl-be"]MSN | Hotmail | Messenger | 
Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is 
MSN ![/URL]

 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com"]Yahoo![/URL]

 
IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Secondary_Page_URL = [URL]http://www.live.com/[/URL] [binary data]

 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [URL="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html"]Yahoo! SearchBar Home Page[/URL]

 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [URL="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com"]Yahoo![/URL]

 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
[URL]http://www.live.com/[/URL] [binary 
data]

 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [URL="http://be.msn.com/?lang=nl-be"]MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, 
lifestyle, auto en nog veel meer, dat is MSN ![/URL]

 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [URL="http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html"]Yahoo! SearchBar Home Page[/URL]

 
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID 
value found

 
 

 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://be.msn.com/?lang=nl-be"]MSN | Hotmail | Messenger | 
Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is 
MSN ![/URL]

 
IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Secondary_Page_URL = [URL]http://www.live.com/[/URL] [binary data]

 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 
1

 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
[URL]http://www.live.com/[/URL] [binary 
data]

 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [URL="http://be.msn.com/?lang=nl-be"]MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, 
lifestyle, auto en nog veel meer, dat is MSN ![/URL]

 
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - 
C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTNavAssist.dll (Yahoo! 
Inc.)

 
IE - HKCU\..\URLSearchHook: {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - No CLSID 
value found

 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0

 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyServer" = http=;ftp=;https=;

 
 

 
========== FireFox ==========

 
 

 
 

 
 

 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: 
C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

 
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program 
Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)

 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser 
Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll 
(DivX,Inc.)

 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload 
Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll 
(DivX,Inc.)

 
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher:  File not 
found

 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program 
Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: 
C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)

 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program 
Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

 
FF - 
HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: 
C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: 
c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft 
Corporation)

 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: 
C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: 
C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft 
Corporation)

 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: 
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\NPWPF.dll (Microsoft Corporation)

 
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: \NGM\npNxGameUS.dll 
()

 
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: 
C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

 
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: 
C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll 
(Google)

 
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: 
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando 
Networks)

 
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: 
C:\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)

 
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: 
C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll 
(RealNetworks)

 
FF - HKLM\Software\MozillaPlugins\@Roozz.com/RoozzPlugin: C:\Program 
Files\Roozz\nproozz.dll (Roozz.com)

 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: 
C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: 
C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 
10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: 
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando 
Networks)

 
 

 
FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: 
C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} 
[2009/11/20 16:14:52 | 000,000,000 | ---D | M]

 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 
8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components 
[2011/11/10 21:04:20 | 000,000,000 | ---D | M]

 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 
8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 
16:13:46 | 000,000,000 | ---D | M]

 
 

 
[2011/08/24 05:20:44 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Timothy\AppData\Roaming\Mozilla\Extensions

 
[2011/11/11 21:37:32 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Timothy_2\AppData\Roaming\mozilla\Firefox\Profiles\3xobnkku.default\extensions

 
[2011/11/10 08:56:49 | 000,000,000 | ---D | M] (Ant Video Downloader) -- 
C:\Users\Timothy_2\AppData\Roaming\mozilla\Firefox\Profiles\3xobnkku.default\extensions\[email protected]

 
[2011/11/11 21:37:32 | 000,000,000 | ---D | M] (Yontoo Layers) -- 
C:\Users\Timothy_2\AppData\Roaming\mozilla\Firefox\Profiles\3xobnkku.default\extensions\[email protected]

 
[2011/11/10 21:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program 
Files\Mozilla Firefox\extensions

 
[2007/11/04 14:25:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) 
-- C:\Program Files\Mozilla 
Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

 
[2011/10/04 19:18:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program 
Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

 
[2011/11/01 13:37:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program 
Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

 
[2009/06/27 09:04:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework 
Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION 
FOUNDATION\DOTNETASSISTANTEXTENSION

 
[2011/11/10 21:04:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- 
C:\Program Files\mozilla firefox\components\browsercomps.dll

 
[2010/08/24 10:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program 
Files\mozilla firefox\plugins\npBitCometAgent.dll

 
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- 
C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

 
[2008/02/09 23:01:03 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program 
Files\mozilla firefox\plugins\npgcplug.dll

 
[2007/12/19 13:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla 
firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

 
[2009/02/21 07:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- 
C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

 
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program 
Files\mozilla firefox\plugins\npracplug.dll

 
[2010/11/10 22:31:18 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\babylon.xml

 
[2011/10/02 17:59:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\bing.xml

 
[2011/10/02 17:59:54 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\bolcom-nl.xml

 
[2011/10/02 17:59:54 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\marktplaats-nl.xml

 
[2011/10/02 17:59:54 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\wikipedia-nl.xml

 
[2011/03/18 19:11:02 | 000,001,106 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\yahoo-nl.xml

 
 

 
========== Chrome  ==========

 
 

 
CHR - default_search_provider: Google (Enabled)

 
CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

 
CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program 
Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll

 
CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\system32\Macromed\Flash\NPSWF32.dll

 
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin.dll

 
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin2.dll

 
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin3.dll

 
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin4.dll

 
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin5.dll

 
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin6.dll

 
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin7.dll

 
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program 
Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

 
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program 
Files\Java\jre6\bin\new_plugin\npjp2.dll

 
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 
9.0\Reader\Browser\nppdf32.dll

 
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft 
Silverlight\4.0.60531.0\npctrl.dll

 
CHR - plugin: Shockwave for Director (Enabled) = 
C:\Windows\system32\Adobe\Director\np32dsw.dll

 
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npdivx32.dll

 
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = 
C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

 
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program 
Files\Mozilla Firefox\plugins\NPOFF12.DLL

 
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = 
C:\Program Files\Microsoft\Office Live\npOLW.dll

 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

 
CHR - plugin: Native Client (Enabled) = C:\Program 
Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program 
Files\Google\Chrome\Application\15.0.874.121\pdf.dll

 
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npBitCometAgent.dll

 
CHR - plugin: Google Gadget Plugin (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

 
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npOGAPlugin.dll

 
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npracplug.dll

 
CHR - plugin: AhnLab MyKeyDefense 2.5 (Enabled) = C:\Program 
Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

 
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program 
Files\DivX\DivX Content Uploader\npUpload.dll

 
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google 
Earth\plugin\npgeplugin.dll

 
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google 
Updater\2.4.1536.6592\npCIDetect13.dll

 
CHR - plugin: Google Update (Enabled) = C:\Program 
Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

 
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando 
Networks\Media Booster\npPandoWebPlugin.dll

 
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll

 
CHR - plugin: Roozz plugin (Enabled) = C:\Program Files\Roozz\nproozz.dll

 
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program 
Files\VideoLAN\VLC\npvlc.dll

 
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program 
Files\Windows Live\Photo Gallery\NPWLPG.dll

 
CHR - plugin: Nexon Game Controller (Enabled) = 
C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

 
CHR - plugin: QvodInsert (Enabled) = C:\QvodPlayer\npQvodInsert.dll

 
CHR - plugin: Windows Presentation Foundation (Enabled) = 
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\NPWPF.dll

 
CHR - plugin: Default Plug-in (Enabled) = default_plugin

 
CHR - Extension: Beat the Boot (van Google) = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl\1.0.0.0_0\

 
CHR - Extension: Angry Birds = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

 
CHR - Extension: 3DTin = C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\0.97_0\

 
CHR - Extension: ImmorTall = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ccgofchligkleafmbnobellmjjoppoin\1.5.0_0\

 
CHR - Extension: Pool = C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb\1.0.4_0\

 
CHR - Extension: Gun Bros = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ciamkmigckbgfajcieiflmkedohjjohh\2.0.0_0\

 
CHR - Extension: Crazy Flasher 4 = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dhhfpmofefjgffdobfkihcccibfgfnaj\1.0_0\

 
CHR - Extension: Ratchet & Clank Future 2 = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\

 
CHR - Extension: Spartan Warfare = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gbhoeifpbfimlcjcldnfmgglgcplockk\1.0_0\

 
CHR - Extension: 3D Bowling = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm\1.9_0\

 
CHR - Extension: Air Hockey = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\2.0_0\

 
CHR - Extension: Chrome Klok = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce\2.0.3_0\

 
CHR - Extension: LineBall = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jeclmehkhpookgkhkecnaanahhoglakj\1.2.0_0\

 
CHR - Extension: Perpetual Blaze = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jgjbldhpikblgpcbgdokneecddeomimo\1.1.5_0\

 
CHR - Extension: Skyrama = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\

 
CHR - Extension: IP-adres = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.0_0\

 
CHR - Extension: Cargo Bridge = 
C:\Users\Timothy_2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\

 
 

 
O1 HOSTS File: ([2011/11/30 17:36:12 | 000,000,690 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts

 
O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org

 
O1 - Hosts: 127.0.0.1 [URL="http://www.virusscan.jotti.org"]Jotti's 
malware scan[/URL]

 
O1 - Hosts: 127.0.0.1 virus-trap.org

 
O1 - Hosts: 127.0.0.1 [URL="http://www.virus-trap.org"]Virus | Internet Security | Software Mcafee Gold Technical 
Support at Virus-Trap.org[/URL]

 
O1 - Hosts: 127.0.0.1 filterbit.com

 
O1 - Hosts: 127.0.0.1 [URL="http://www.filterbit.com"]Metascan Online | Free online file scanning with multiple 
antivirus engines[/URL]

 
O1 - Hosts: 127.0.0.1 [URL="http://www.eblaster.com"]eBlaster Spy Software - Spector Pro Internet Spy[/URL] 

 
O1 - Hosts: 127.0.0.1 [URL="http://www.spectorsoft.com"]Computer and Internet Monitoring Software[/URL] 

 
O1 - Hosts: 127.0.0.1 eblaster.com 

 
O1 - Hosts: 127.0.0.1 spectorsoft.com 

 
O1 - Hosts: 127.0.0.1 [URL="http://www.u2a1376gf-43ty-245b.com"]www.u2a1376gf-43ty-245b.com[/URL] 


 
O1 - Hosts: 127.0.0.1 u2a1376gf-43ty-245b.com 

 
O1 - Hosts: 127.0.0.1 [URL="http://www.v19170dc0-7597-11d.com"]www.v19170dc0-7597-11d.com[/URL] 


 
O1 - Hosts: 127.0.0.1 v19170dc0-7597-11d.com 

 
O1 - Hosts: 127.0.0.1 [URL="http://www.d2a1376gf-43ty-245a.com"]www.d2a1376gf-43ty-245a.com[/URL] 


 
O1 - Hosts: 127.0.0.1 d2a1376gf-43ty-245a.com 

 
O1 - Hosts: 127.0.0.1 photofunia.com

 
O1 - Hosts: 127.0.0.1 [URL="http://www.photofunia.com"]PhotoFunia :: Effects[/URL]

 
O1 - Hosts: 127.0.0.1 photofunia.nl

 
O1 - Hosts: 127.0.0.1 [URL="http://www.photofunia.nl"]photofunia.nl[/URL]

 
O1 - Hosts: 127.0.0.1 photofunia.be

 
O1 - Hosts: 127.0.0.1 [URL="http://www.photofunia.be"]www.photofunia.be[/URL]

 
O2 - BHO: (&Yahoo! Toolbar Helper) - 
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program 
Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)

 
O2 - BHO: (ѸÀ×FLVÊÓƵÐá̽¼°ÏÂÔØÖ§³Ö) - 
{0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder 
Network\Thunder\BHO\XlBrowserAddin1.0.5.64.dll (ShenZhen Xunlei Networking 
Technologies,LTD)

 
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program 
Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value 
found.

 
O2 - BHO: (ѸÀ×ÏÂÔØÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - 
C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll 
(深圳市迅雷网络技术有限公司)

 
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - 
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)

 
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - 
C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll (Yahoo! 
Inc)

 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} 
- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

 
O3 - HKLM\..\Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No 
CLSID value found.

 
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No 
CLSID value found.

 
O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - 
C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)

 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - 
{3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program 
Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

 
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage 
Manager\Iaanotif.exe (Intel Corporation)

 
O4 - HKLM..\Run: [QvodTerminal] C:\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD 
Technology Co.,Ltd)

 
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft 
Corporation)

 
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced 
SystemCare 5\ASCTray.exe (IObit)

 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools 
Lite\DTLite.exe (DT Soft Ltd)

 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoCDBurning = 0

 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
AllowLegacyWebView = 1

 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
AllowUnhashedWebView = 1

 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
EnableShellExecuteHooks = 1

 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
EnableLUA = 0

 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 145

 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
LogonHoursAction = 2

 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
DontDisplayLogonHoursWarnings = 1

 
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - 
C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)

 
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} 
- C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)

 
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - 
C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)

 
O13 - gopher Prefix: missing

 
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [URL]http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[/URL] 
(Checkers Class)

 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [URL]http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab[/URL] 
(UnoCtrl Class)

 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab[/URL] 
(Java Plug-in 1.6.0_29)

 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [URL]http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[/URL] 
(Reg Error: Value error.)

 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [URL]http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[/URL] 
(MSN Games - Installer)

 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [URL]http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[/URL] 
(MessengerStatsClient Class)

 
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab[/URL] 
(Java Plug-in 1.6.0_24)

 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab[/URL] 
(Java Plug-in 1.6.0_29)

 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab[/URL] 
(Java Plug-in 1.6.0_29)

 
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [URL]http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab[/URL] 
(Minesweeper Flags Class)

 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 
192.168.2.1

 
O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9B81F55-B9C0-4292-A566-F1BB74565462}: 
DhcpNameServer = 192.168.2.1

 
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) -C:\Program 
Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

 
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe 
(Microsoft Corporation)

 
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) 
-C:\Windows\System32\userinit.exe (Microsoft Corporation)

 
O24 - Desktop WallPaper: C:\Users\Timothy\AppData\Roaming\Microsoft\Windows 
Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg

 
O24 - Desktop BackupWallPaper: 
C:\Users\Timothy\AppData\Roaming\Microsoft\Windows Photo 
Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg

 
O28 - HKLM ShellExecuteHooks: {4562B511-62E9-4533-B7B2-56A8BB10B482} - 
C:\Program Files\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(815).dll 
(深圳市迅雷网络技术有限公司)

 
O32 - HKLM CDRom: AutoRun - 1

 
O32 - AutoRun File - [2011/10/23 17:20:55 | 000,000,121 | ---- | M] () - 
C:\AUTOEXEC.BAT -- [ NTFS ]

 
O32 - AutoRun File - [2007/02/06 09:08:46 | 000,000,046 | ---- | M] () - 
E:\Autorun.inf -- [ UDF ]

 
O32 - AutoRun File - [2009/02/27 01:57:36 | 000,000,120 | ---- | M] () - 
K:\Autorun.inf -- [ FAT32 ]

 
O33 - MountPoints2\{41596d8f-b4a8-11e0-b409-001bfca45913}\Shell - "" = 
AutoRun

 
O33 - 
MountPoints2\{41596d8f-b4a8-11e0-b409-001bfca45913}\Shell\AutoRun\command - "" = 
F:\ITNT.exe

 
O33 - MountPoints2\{d369a014-6ce5-11dc-aad6-806e6f6e6963}\Shell - "" = 
AutoRun

 
O33 - 
MountPoints2\{d369a014-6ce5-11dc-aad6-806e6f6e6963}\Shell\AutoRun\command - "" = 
E:\Fysica4.exe -- [2008/11/26 13:36:06 | 002,790,015 | ---- | M] (Multidmedia 
Limited)

 
O33 - MountPoints2\{da6f64f8-b2ab-11e0-a5a2-001bfca45913}\Shell - "" = 
AutoRun

 
O33 - 
MountPoints2\{da6f64f8-b2ab-11e0-a5a2-001bfca45913}\Shell\AutoRun\command - "" = 
L:\ITNT.exe

 
O34 - HKLM BootExecute: (autocheck autochk *)

 
O35 - HKLM\..comfile [open] -- "%1" %*

 
O35 - HKLM\..exefile [open] -- "%1" %*

 
O37 - HKLM\...com [@ = comfile] -- "%1" %*

 
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 

 
========== Files/Folders - Created Within 30 Days ==========

 
 

 
[2011/12/09 13:25:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- 
C:\Users\Timothy_2\Desktop\OTL.exe

 
[2011/12/08 14:37:07 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Local\Western_Digital

 
[2011/12/08 14:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\Western 
Digital

 
[2011/12/08 14:19:19 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare

 
[2011/12/08 14:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Texas 
Instruments

 
[2011/12/08 14:03:39 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\Texas Instruments

 
[2011/12/07 20:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Western 
Digital

 
[2011/12/07 20:54:07 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Local\Western Digital

 
[2011/12/07 12:25:41 | 000,000,000 | ---D | C] -- C:\NGM

 
[2011/12/06 19:27:48 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2

 
[2011/12/06 19:27:44 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter

 
[2011/12/06 19:26:52 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3

 
[2011/12/06 19:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

 
[2011/12/06 19:19:02 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5

 
[2011/12/05 21:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS

 
[2011/12/05 19:05:36 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Platinum Hide IP

 
[2011/12/05 19:05:34 | 000,000,000 | ---D | C] -- C:\Program 
Files\PlatinumHideIP

 
[2011/12/05 17:04:46 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\C__Users_Timothy_2_Downloads_PlatinumHideIP_PlatinumHideIP.exe

 
[2011/12/05 17:04:46 | 000,000,000 | ---D | C] -- 
C:\ProgramData\C__Users_Timothy_2_Downloads_PlatinumHideIP_PlatinumHideIP.exe

 
[2011/12/05 16:57:04 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\PlatinumHideIP

 
[2011/12/05 16:57:04 | 000,000,000 | ---D | C] -- 
C:\ProgramData\PlatinumHideIP

 
[2011/12/04 14:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky 
Lab

 
[2011/11/30 17:35:30 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1

 
[2011/11/24 21:04:43 | 000,000,000 | ---D | C] -- C:\Program 
Files\Cambridge

 
[2011/11/23 18:51:03 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat

 
[2011/11/23 18:51:03 | 000,000,000 | ---D | C] -- C:\Program 
Files\WinDirStat

 
[2011/11/23 18:27:41 | 000,000,000 | ---D | C] -- 
C:\ProgramData\AltrixSoft

 
[2011/11/23 18:16:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi

 
[2011/11/22 20:48:47 | 000,000,000 | ---D | C] -- C:\TestZip

 
[2011/11/21 17:01:31 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\Desktop\7zcracker

 
[2011/11/21 16:57:57 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zip Password Recovery 
Master

 
[2011/11/21 16:47:12 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\bonetown

 
[2011/11/18 00:11:45 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

 
[2011/11/17 18:51:06 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\Printer Info Cache

 
[2011/11/17 18:51:05 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\Documents\Mijn scanafbeeldingen

 
[2011/11/17 18:51:05 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\Image Zone Express

 
[2011/11/16 18:44:14 | 000,000,000 | ---D | C] -- C:\output

 
[2011/11/12 09:59:13 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\HP

 
[2011/11/11 21:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo 
Layers Runtime

 
[2011/11/11 21:16:56 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\PhotoScape

 
[2011/11/11 21:16:20 | 000,000,000 | ---D | C] -- C:\Program 
Files\PhotoScape

 
[2011/11/10 23:04:39 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

 
[2011/11/10 21:37:10 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\Documents\combat amrs

 
[2011/11/10 09:16:59 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\Documents\Command & Conquer 3 Tiberium Wars

 
[2011/11/10 09:15:04 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\Command & Conquer 3 Tiberium Wars

 
[2011/11/10 09:02:44 | 000,000,000 | ---D | C] -- 
C:\Users\Timothy_2\AppData\Roaming\SystemRequirementsLab

 
[2011/10/09 16:11:17 | 000,250,544 | ---- | C] (KeyWorks Software) -- 
C:\Program Files\Common Files\keyhelp.ocx

 
[2007/11/16 20:03:49 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- 
C:\Program Files\RngInterstitial.dll

 
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 

 
========== Files - Modified Within 30 Days ==========

 
 

 
[2011/12/09 13:29:08 | 000,001,042 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

 
[2011/12/09 13:27:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- 
C:\Users\Timothy_2\Desktop\OTL.exe

 
[2011/12/09 13:06:14 | 000,001,046 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

 
[2011/12/09 12:18:10 | 000,003,568 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

 
[2011/12/09 12:18:10 | 000,003,568 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

 
[2011/12/09 12:18:01 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat

 
[2011/12/09 04:02:19 | 000,447,056 | ---- | M] () -- 
C:\Windows\System32\FNTCACHE.DAT

 
[2011/12/08 23:38:39 | 000,721,688 | ---- | M] () -- 
C:\Windows\System32\perfh013.dat

 
[2011/12/08 23:38:39 | 000,634,846 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat

 
[2011/12/08 23:38:39 | 000,149,892 | ---- | M] () -- 
C:\Windows\System32\perfc013.dat

 
[2011/12/08 23:38:39 | 000,123,716 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat

 
[2011/12/08 20:23:52 | 000,002,453 | ---- | M] () -- 
C:\Users\Public\Desktop\TI-SmartView.lnk

 
[2011/12/08 14:47:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\Google 
Software Updater.job

 
[2011/12/08 14:41:08 | 000,020,480 | ---- | M] () -- 
C:\Users\Timothy_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
[2011/12/08 14:21:19 | 000,001,223 | ---- | M] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk

 
[2011/12/06 18:06:33 | 000,021,257 | ---- | M] () -- 
C:\Windows\System32\jobadocx.dll

 
[2011/12/06 02:08:40 | 000,476,298 | ---- | M] () -- 
C:\Users\Timothy_2\Documents\F4.2 Leerstofoverzicht Kerstexamen 11-12.pdf

 
[2011/12/05 21:26:08 | 000,001,553 | ---- | M] () -- 
C:\Users\Public\Desktop\Combat Arms.lnk

 
[2011/12/05 19:05:36 | 000,000,878 | ---- | M] () -- 
C:\Users\Public\Desktop\Platinum Hide IP.lnk

 
[2011/11/30 17:36:12 | 000,000,690 | ---- | M] () -- 
C:\Windows\System32\drivers\etc\hosts

 
[2011/11/24 22:18:43 | 000,000,038 | ---- | M] () -- 
C:\Windows\avisplitter.INI

 
[2011/11/20 12:07:55 | 000,001,973 | ---- | M] () -- 
C:\Users\Public\Desktop\Google Chrome.lnk

 
[2011/11/18 20:44:18 | 000,326,187 | ---- | M] () -- 
C:\Users\Timothy_2\Documents\ELOV CIRKEL (1).pdf

 
[2011/11/18 13:03:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) 
-- C:\Windows\System32\FlashPlayerCPLApp.cpl

 
[2011/11/13 19:04:47 | 002,120,092 | ---- | M] () -- 
C:\Users\Timothy_2\Documents\tanguy redesign.jpg

 
[2011/11/13 18:38:01 | 002,123,424 | ---- | M] () -- 
C:\Users\Timothy_2\Documents\Frans Tanguy.zip

 
[2011/11/13 09:38:14 | 000,977,539 | ---- | M] () -- 
C:\Users\Timothy_2\Documents\tanguy1.jpg

 
[2011/11/13 09:38:14 | 000,584,046 | ---- | M] () -- 
C:\Users\Timothy_2\Documents\tanguy3.jpg

 
[2011/11/13 09:38:14 | 000,561,523 | ---- | M] () -- 
C:\Users\Timothy_2\Documents\tanguy2.jpg

 
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 

 
========== Files Created - No Company Name ==========

 
 

 
[2011/12/08 14:21:19 | 000,001,223 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk

 
[2011/12/08 14:02:08 | 000,002,453 | ---- | C] () -- 
C:\Users\Public\Desktop\TI-SmartView.lnk

 
[2011/12/06 20:38:50 | 000,020,312 | ---- | C] () -- 
C:\Windows\System32\RegistryDefragBootTime.exe

 
[2011/12/06 19:27:51 | 000,025,944 | ---- | C] () -- 
C:\Windows\System32\SmartDefragBootTime.exe

 
[2011/12/06 19:27:51 | 000,015,672 | ---- | C] () -- 
C:\Windows\System32\drivers\SmartDefragDriver.sys

 
[2011/12/06 18:52:31 | 000,476,298 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\F4.2 Leerstofoverzicht Kerstexamen 11-12.pdf

 
[2011/12/06 18:52:31 | 000,384,224 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\F4 - Hoofdstuk 1 - Fysische grootheden - 
correctiesleutel (deel 1).pdf

 
[2011/12/06 18:52:31 | 000,225,412 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\F4 - Hoofdstuk 1 - Fysische grootheden - 
correctiesleutel (deel 2).pdf

 
[2011/12/06 18:52:31 | 000,107,670 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\F4.2 - Arbeid - Extra oefeningen.pdf

 
[2011/12/06 18:52:31 | 000,044,401 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\F4.2 - Vermogen - Extra oefeningen.pdf

 
[2011/12/05 21:26:08 | 000,001,553 | ---- | C] () -- 
C:\Users\Public\Desktop\Combat Arms.lnk

 
[2011/12/05 19:05:36 | 000,000,878 | ---- | C] () -- 
C:\Users\Public\Desktop\Platinum Hide IP.lnk

 
[2011/11/18 20:44:16 | 000,326,187 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\ELOV CIRKEL (1).pdf

 
[2011/11/13 19:04:47 | 002,120,092 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\tanguy redesign.jpg

 
[2011/11/13 18:39:18 | 000,584,046 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\tanguy3.jpg

 
[2011/11/13 18:39:18 | 000,561,523 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\tanguy2.jpg

 
[2011/11/13 18:37:56 | 002,123,424 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\Frans Tanguy.zip

 
[2011/11/12 18:52:19 | 000,977,539 | ---- | C] () -- 
C:\Users\Timothy_2\Documents\tanguy1.jpg

 
[2011/09/29 21:13:20 | 000,021,257 | ---- | C] () -- 
C:\Windows\System32\jobadocx.dll

 
[2011/09/26 18:55:17 | 000,118,272 | ---- | C] () -- C:\Windows\EHsvc.dll

 
[2011/09/22 18:45:40 | 000,001,972 | ---- | C] () -- 
C:\Windows\Sandboxie.ini

 
[2011/09/16 16:42:06 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

 
[2011/08/27 16:14:06 | 000,020,480 | ---- | C] () -- 
C:\Users\Timothy_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
[2011/08/27 16:13:49 | 000,000,680 | ---- | C] () -- 
C:\Users\Timothy_2\AppData\Local\d3d9caps.dat

 
[2011/06/20 14:53:47 | 000,000,046 | ---- | C] () -- 
C:\Windows\System32\4E37A837910D.ini

 
[2011/04/11 21:22:11 | 000,053,248 | ---- | C] () -- 
C:\Windows\System32\PPadApi.dll

 
[2011/04/11 21:22:02 | 000,131,072 | ---- | C] () -- 
C:\Windows\System32\PPWORDW.DLL

 
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- 
C:\Windows\System32\xlive.dll.cat

 
[2011/03/29 14:05:48 | 000,709,992 | ---- | C] () -- 
C:\Windows\System32\kindling.dll

 
[2010/12/13 18:00:31 | 000,000,262 | RHS- | C] () -- 
C:\ProgramData\ntuser.pol

 
[2010/05/27 15:29:09 | 000,126,976 | ---- | C] () -- 
C:\Windows\System32\UAService7.exe

 
[2010/05/11 19:37:10 | 000,041,872 | ---- | C] () -- 
C:\Windows\System32\xfcodec.dll

 
[2010/04/09 22:27:32 | 000,000,038 | ---- | C] () -- 
C:\Windows\avisplitter.INI

 
[2010/03/21 07:31:24 | 000,069,632 | ---- | C] () -- 
C:\Windows\System32\xmltok.dll

 
[2010/03/21 07:31:24 | 000,036,864 | ---- | C] () -- 
C:\Windows\System32\xmlparse.dll

 
[2010/03/12 20:42:51 | 000,011,392 | ---- | C] () -- 
C:\Windows\System32\drivers\archlp.sys

 
[2010/02/14 08:26:24 | 000,189,248 | ---- | C] () -- 
C:\Windows\System32\PnkBstrB.exe

 
[2010/02/14 08:25:54 | 000,075,064 | ---- | C] () -- 
C:\Windows\System32\PnkBstrA.exe

 
[2010/01/22 16:13:05 | 000,000,065 | ---- | C] () -- 
C:\Windows\WININIT.INI

 
[2009/12/25 04:35:20 | 000,000,008 | ---- | C] () -- 
C:\ProgramData\sysReserve.ini

 
[2009/10/10 18:07:10 | 000,000,075 | ---- | C] () -- 
C:\Windows\cdplayer.ini

 
[2009/10/09 20:00:24 | 000,000,552 | ---- | C] () -- C:\Windows\eReg.dat

 
[2009/09/26 19:52:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

 
[2009/09/01 07:05:16 | 000,000,040 | ---- | C] () -- 
C:\ProgramData\ra3.ini

 
[2009/08/29 02:23:20 | 000,000,020 | ---- | C] () -- 
C:\Windows\System32\pub_store.dat

 
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- 
C:\Windows\System32\OGACheckControl.dll

 
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- 
C:\Windows\System32\OGAEXEC.exe

 
[2009/08/01 08:45:39 | 000,107,612 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchema.bin

 
[2009/08/01 08:45:38 | 000,117,248 | ---- | C] () -- 
C:\Windows\System32\EhStorAuthn.dll

 
[2009/08/01 08:44:05 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin

 
[2009/02/16 13:32:47 | 000,755,027 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll

 
[2009/02/16 13:32:47 | 000,159,839 | ---- | C] () -- 
C:\Windows\System32\xvidvfw.dll

 
[2009/02/16 13:32:46 | 003,596,288 | ---- | C] () -- 
C:\Windows\System32\qt-dx331.dll

 
[2009/02/16 13:32:44 | 000,007,680 | ---- | C] () -- 
C:\Windows\System32\ff_vfw.dll

 
[2009/02/15 15:43:22 | 004,994,717 | ---- | C] () -- 
C:\Windows\System32\q9data.bin

 
[2009/02/15 15:43:22 | 000,000,086 | ---- | C] () -- 
C:\Windows\System32\QTRAYIME.INI

 
[2009/02/15 15:43:22 | 000,000,049 | ---- | C] () -- C:\Windows\Q9.INI

 
[2009/02/15 15:41:10 | 000,047,252 | ---- | C] () -- 
C:\Windows\System32\Qcbeigbk.bin

 
[2009/02/15 15:41:10 | 000,029,514 | ---- | C] () -- 
C:\Windows\System32\QCBEIB5.BIN

 
[2009/02/15 15:41:00 | 000,057,396 | ---- | C] () -- 
C:\Windows\System32\Q9xpb5u.EXE

 
[2009/02/15 15:41:00 | 000,035,328 | ---- | C] () -- 
C:\Windows\System32\qseteudc.exe

 
[2009/02/15 15:40:57 | 000,113,488 | ---- | C] () -- 
C:\Windows\System32\Qc4dic.dat

 
[2009/02/15 15:40:57 | 000,065,536 | ---- | C] () -- 
C:\Windows\System32\SkinMakerDll.dll

 
[2009/02/15 15:40:57 | 000,065,536 | ---- | C] () -- 
C:\Windows\System32\qcSkinMakerDll.dll

 
[2009/02/15 15:40:54 | 000,029,516 | ---- | C] () -- 
C:\Windows\System32\q9b5gb.bin

 
[2009/02/15 15:40:54 | 000,028,672 | ---- | C] () -- 
C:\Windows\System32\doime.exe

 
[2009/01/31 18:37:18 | 000,168,448 | ---- | C] () -- 
C:\Windows\System32\unrar.dll

 
[2008/09/03 01:09:11 | 000,000,000 | ---- | C] () -- 
C:\Windows\iPlayer.INI

 
[2008/07/14 17:40:13 | 000,000,107 | ---- | C] () -- 
C:\Windows\usrwiz.ini

 
[2008/06/28 15:35:02 | 006,656,000 | ---- | C] () -- 
C:\Windows\System32\kbdadcom.exe

 
[2008/06/28 15:35:02 | 001,683,456 | ---- | C] () -- 
C:\Windows\System32\w32anuri.dll

 
[2008/06/28 15:35:02 | 000,958,464 | ---- | C] () -- 
C:\Windows\System32\dlgofpop.dll

 
[2008/06/28 15:35:02 | 000,164,781 | ---- | C] () -- 
C:\Windows\System32\cfgipctl32.dll

 
[2008/06/28 15:35:02 | 000,044,544 | ---- | C] () -- 
C:\Windows\System32\drivers\icodocam.sys

 
[2008/06/18 20:51:06 | 000,147,456 | ---- | C] () -- 
C:\Windows\System32\igfxCoIn_v1504.dll

 
[2008/04/13 22:04:56 | 000,096,577 | ---- | C] () -- 
C:\Windows\hpqins16.dat

 
[2008/03/25 15:56:08 | 000,147,456 | ---- | C] () -- 
C:\Windows\System32\igfxCoIn_v1461.dll

 
[2007/11/04 14:25:06 | 000,003,424 | ---- | C] () -- 
C:\Windows\mozver.dat


 
[2007/10/18 21:39:27 | 000,320,384 | ---- | C] () -- 
C:\Windows\System32\drivers\UDXTTM6000.sys

 
[2007/10/01 20:18:40 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini

 
[2007/09/29 12:17:45 | 000,140,852 | ---- | C] () -- 
C:\Windows\hpoins12.dat

 
[2007/09/29 12:17:44 | 000,001,470 | ---- | C] () -- 
C:\Windows\hpomdl12.dat

 
[2007/08/24 19:46:48 | 000,147,456 | ---- | C] () -- 
C:\Windows\System32\igfxCoIn_v1322.dll

 
[2007/07/18 22:54:18 | 000,058,163 | ---- | C] () -- 
C:\Windows\System32\lvcoinst.ini

 
[2007/06/14 19:32:25 | 000,721,688 | ---- | C] () -- 
C:\Windows\System32\perfh013.dat

 
[2007/06/14 19:32:25 | 000,336,440 | ---- | C] () -- 
C:\Windows\System32\perfi013.dat

 
[2007/06/14 19:32:25 | 000,149,892 | ---- | C] () -- 
C:\Windows\System32\perfc013.dat

 
[2007/06/14 19:32:25 | 000,041,976 | ---- | C] () -- 
C:\Windows\System32\perfd013.dat

 
[2007/06/14 10:01:18 | 000,106,222 | ---- | C] () -- 
C:\Windows\hpqins13.dat

 
[2007/06/14 09:56:34 | 000,204,800 | ---- | C] () -- 
C:\Windows\System32\igfxCoIn_v1227.dll

 
[2007/06/14 09:48:24 | 000,061,440 | ---- | C] () -- 
C:\Windows\System32\OsdRemove.exe

 
[2007/06/14 09:44:47 | 000,102,400 | ---- | C] () -- 
C:\Windows\System32\pywintypes24.dll

 
[2007/06/14 09:44:46 | 000,327,680 | ---- | C] () -- 
C:\Windows\System32\pythoncom24.dll

 
[2007/03/06 09:47:24 | 000,000,000 | ---- | C] () -- 
C:\Windows\System32\px.ini

 
[2007/01/12 06:07:48 | 000,520,192 | ---- | C] () -- 
C:\Windows\System32\CddbPlaylist2Roxio.dll

 
[2007/01/12 06:07:48 | 000,204,800 | ---- | C] () -- 
C:\Windows\System32\CddbFileTaggerRoxio.dll

 
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- 
C:\Windows\bootstat.dat

 
[2006/11/02 13:47:37 | 000,447,056 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT

 
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- 
C:\Windows\System32\sysprepMCE.dll

 
[2006/11/02 11:33:01 | 000,634,846 | ---- | C] () -- 
C:\Windows\System32\perfh009.dat

 
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- 
C:\Windows\System32\perfi009.dat

 
[2006/11/02 11:33:01 | 000,123,716 | ---- | C] () -- 
C:\Windows\System32\perfc009.dat

 
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- 
C:\Windows\System32\perfd009.dat

 
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- 
C:\Windows\System32\dssec.dat

 
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

 
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- 
C:\Windows\System32\NOISE.DAT

 
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- 
C:\Windows\System32\pacerprf.ini

 
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- 
C:\Windows\System32\mlang.dat

 
 

 
========== Files - Unicode (All) ==========

 
[2011/10/08 20:44:20 | 000,013,267 | ---- | M] 
()(C:\Users\Timothy_2\Documents\????.docx) -- 
C:\Users\Timothy_2\Documents\我的媽媽.docx

 
[2011/09/24 17:26:01 | 000,013,267 | ---- | C] 
()(C:\Users\Timothy_2\Documents\????.docx) -- 
C:\Users\Timothy_2\Documents\我的媽媽.docx

 
[2011/08/27 16:43:33 | 005,285,376 | ---- | M] 
()(C:\Users\Timothy_2\Desktop\????.pps) -- 
C:\Users\Timothy_2\Desktop\魔術貓眼.pps

 
[2011/08/27 16:43:17 | 005,285,376 | ---- | C] 
()(C:\Users\Timothy_2\Desktop\????.pps) -- 
C:\Users\Timothy_2\Desktop\魔術貓眼.pps

 
[2011/01/23 10:25:41 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- 
C:\Windows\System32\⯐И

 
[2011/01/23 10:25:41 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- 
C:\Windows\System32\⯐И

 
[2011/01/14 20:32:39 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- 
C:\Windows\System32\팘ϛ

 
[2011/01/14 20:32:39 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- 
C:\Windows\System32\팘ϛ

 
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

 
 

 
========== Alternate Data Streams ==========

 
 

 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EB170088

 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4

 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1493A0EF

 
 

 
< End of report >
And if this can help: i just removed 33 malware, made 4972 registry fixes and removed juk files with Advanced systemcare Pro V5.0.0
 
Last edited:

My Computer

System One

  • Internet Speed
    5Mb/s download 3Mb/s upload
Tnx for ur help here is Extras.txt and the other txt

And if this can help: i just removed 33 malware, made 4972 registry fixes and removed juk files with Advanced systemcare Pro V5.0.0

No worries :) It's my pleasure.

Thanks for the logs. I've seen quite a few things wrong with them so I'll go through them first and perhaps they'll improve your problem.

Multiple Anti-virus Software Detected

I notice that you have multiple anti virus programs installed on your system. If more than one program is running real time protection, then there is a very high chance of conflicts being created. This could cause the programs to 'fight' against eachother and they may render the other useless, hence reducing your protection. It is very important to ensure that you are only running one anti virus program at the same time.

I would suggest removing them all and installing MSE (Microsoft Security Essentials) which can be found here:

Microsoft Security Essentials - Free Antivirus for Windows

As well as using MSE, you should perform weekly scans with the Malwarebytes' Anti Malware

P2P Warning

P2P File sharing programs (uTorrent, BitComet, Vuze, Limewire, Kazaa etc.) need to be avoided to reduce the risk of infection. When visiting file sharing sites you usually get more than you intend to, these downloads are commonly laced with infections with varying effects - allowing remote access to your computer and stealing passwords being the most common.

Many underground websites, that host cracks or keygens, can be equally bad. Not only can the downloads be infected, but innocent looking banners can contain malicious flash code that installs malware on your system. These files are also illegal.

Should you continue to use these websites/software after my assistance then there is a very high chance you will get infected again - putting your files and passwords at stake, just ask yourself is it really worth the risk?

Outdated Java

Uninstalling Software

  1. Hold the
    windows_key.JPG
    key and press R to bring up the Run box
  2. In the box, type appwiz.cpl and press OK
  3. You will now see a list of your installed software, double click on all lines beginning Java to uninstall them
  4. Once you have done this, reboot your computer


Resetting the HOSTS file

You've got a lot of lines in your HOSTS file which shouldn't be there. Follow this tutorial to reset it:

How can I reset the Hosts file back to the default?

Removing IOBit Software

IOBit have developed a terrible reputation recently, see this for more details:

IOBit Steals Malwarebytes' Intellectual Property - Malwarebytes Forum

And after this behaviour, the general opinion across most forums is to remove this software. Please use RevoUninstaller to remove any IOBit program

Revo Uninstaller Pro - Uninstall Software, Remove Programs easily

Replace it with the free version of Malwarebytes:

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

*******************

If that isn't enough for you :p Then I would also highly recommend that you don't use System Optimizers/Boosters/Registry cleaners etc. as they tend to cause more problems than they cure. Small registry tweaks wont affect performance at all :)

I think that will do for now ;)

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
No, i haven't done what u said yet but now it says I have to format it even on my win7 and sometimes it can't be detected
 

My Computer

System One

  • Internet Speed
    5Mb/s download 3Mb/s upload
small update: it works sometimes(but very slow) and sometimes it has to be formatted or not visible
 

My Computer

System One

  • Internet Speed
    5Mb/s download 3Mb/s upload

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
In that case you need to be looking for a replacement. What model is it? If you don't feel comfortable doing this, you will have to take it into a shop.

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
these are the spec from the website, maybe i could ask for support on the site


My Passport Essential 500 GB USB 3.0/USB 2.0 Hard Drives ( WDBACY5000AWT)

Product Overview (PDF)


Performance Specifications
Serial Transfer Rate
USB 3.0
Serial Bus Transfer Rate (USB 3.0) 5 Gb/s (Max)

USB 2.0
Serial Bus Transfer Rate (USB 2.0) 480 Mb/s (Max)


Physical Specifications
Capacity 500 GB
Interface USB 3.0 and USB 2.0


Physical Dimensions
English
Height 0.60 Inches
Depth 3.2 Inches
Width 4.3 Inches
Weight 0.31 Pounds

Metric
Height 15 mm
Depth 83 mm
Width 110.0 mm
Weight 0.14 kg


Environmental Specifications
Temperature (English)
Operating 41° F to 95° F
Non-operating -4° F to 149° F

Temperature (Metric)
Operating 5° C to 35° C
Non-operating -20° C to 65° C

As used for storage capacity, one megabyte (MB) = one million bytes, one gigabyte (GB) = one billion bytes, and one terabyte (TB) = one trillion bytes. Total accessible capacity varies depending on operating environment. As used for buffer or cache, one megabyte (MB) = 1,048,576 bytes. As used for transfer rate or interface, megabyte per second (MB/s) = one million bytes per second, megabit per second (Mb/s) = one million bits per second, and gigabit per second (Gb/s) = one billion bits per second.
 

My Computer

System One

  • Internet Speed
    5Mb/s download 3Mb/s upload
Yes, it would probably be best to seek help from the manufacturer now. If you're lucky they may replace the drive :) I'll still be here if you need any further help

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Yeah, that would benice but then i have to re-download everything and 300Gb takes a lot of time
And should i mark this as solved?

btw tnx for all your help XD
 

My Computer

System One

  • Internet Speed
    5Mb/s download 3Mb/s upload
Yeah, that would benice but then i have to re-download everything and 300Gb takes a lot of time
And should i mark this as solved?

btw tnx for all your help XD

Hello Timothy,

No problem, sorry I couldn't be of much use - there's only a certain extent to what we can do when it's a hardware fault.

Try doing this to recover your data:

Use Ubuntu Live CD to Backup Files from Your Dead Windows Computer - How-To Geek

When you get to this step:

image69.png


Just double click on your external hard drive to open it :) Ignore the rest of the steps, they're for internal hard drives. Copy your files to another location.

How precious is this data to you? You can pay for data recovery services however these are quite expensive. Might be worth considering.

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Back
Top