TechSpot

[Virus] svchost.exe and HRUPPROG

Solved
By MyCheeseCake
Jan 6, 2013
  1. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    Extras.txt
    OTL Extras logfile created on: 1/17/2013 5:17:14 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ccw\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.39% Memory free
    3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.82% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.48 Gb Total Space | 41.96 Gb Free Space | 28.65% Space Free | Partition Type: NTFS
    Drive D: | 151.60 Gb Total Space | 64.77 Gb Free Space | 42.72% Space Free | Partition Type: NTFS
    Drive G: | 117.19 Gb Total Space | 89.48 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
    Drive H: | 115.69 Gb Total Space | 36.64 Gb Free Space | 31.67% Space Free | Partition Type: NTFS
    Drive I: | 146.48 Gb Total Space | 52.09 Gb Free Space | 35.56% Space Free | Partition Type: NTFS
    Drive J: | 151.61 Gb Total Space | 141.38 Gb Free Space | 93.25% Space Free | Partition Type: NTFS
    Drive L: | 465.76 Gb Total Space | 96.21 Gb Free Space | 20.66% Space Free | Partition Type: NTFS

    Computer Name: COMPANY-6EF3B74 | User Name: ccw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Documents and Settings\ccw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "58729:TCP" = 58729:TCP:*:Enabled:pando Media Booster
    "58729:UDP" = 58729:UDP:*:Enabled:pando Media Booster
    "56836:TCP" = 56836:TCP:*:Enabled:pando Media Booster
    "56836:UDP" = 56836:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port
    "6121:TCP" = 6121:TCP:*:Enabled:doublekro char server
    "58729:TCP" = 58729:TCP:*:Enabled:pando Media Booster
    "58729:UDP" = 58729:UDP:*:Enabled:pando Media Booster
    "56836:TCP" = 56836:TCP:*:Enabled:pando Media Booster
    "56836:UDP" = 56836:UDP:*:Enabled:pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\WINDOWS\searchserverproto.EXE" = C:\WINDOWS\searchserverproto.EXE:*:Enabled:Microst Windows Explorer
    "H:\Program Files\Ares\Ares.exe" = H:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
    "C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe" = C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe:*:Enabled:Garena -- (Garena Interactive PTE LTD)
    "C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe" = C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:*:Enabled:GGclient -- ()
    "H:\Program Files\Hamachi\hamachi.exe" = H:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\ccw\Desktop\Little Fighter 2.5\lf2.5.exe" = C:\Documents and Settings\ccw\Desktop\Little Fighter 2.5\lf2.5.exe:*:Enabled:lf2.5
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Disabled:LifeCam.exe -- (Microsoft Corporation)
    "H:\Program Files\CABAL Online (SG MY)\Launcher\update\ESTdnheadless.exe" = H:\Program Files\CABAL Online (SG MY)\Launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
    "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA -- ()
    "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB -- ()
    "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program -- (Microsoft Corporation)
    "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" = H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "H:\Program Files\LimeWire\LimeWire.exe" = H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    "H:\Program Files\Valve\Counter-Strike Source\srcds.exe" = H:\Program Files\Valve\Counter-Strike Source\srcds.exe:*:Enabled:srcds
    "C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" = C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
    "H:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.bin" = H:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.bin:*:Enabled:project Torque
    "C:\Program Files\TeamViewer3\TeamViewer.exe" = C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application
    "H:\Program Files\MSN\Ares\Ares.exe" = H:\Program Files\MSN\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
    "H:\Program Files\Outspark\Project Powder\Run.exe" = H:\Program Files\Outspark\Project Powder\Run.exe:*:Enabled:projectPowder
    "H:\Program Files\World of Warcraft\Repair.exe" = H:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility
    "D:\UT2003\System\UT2003.exe" = D:\UT2003\System\UT2003.exe:*:Enabled:UT2003
    "D:\Program Files\Softnyx\WolfTeam\Wolfteam.bin" = D:\Program Files\Softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam
    "D:\Program Files\Electronic Arts\Red Alert 3\RA3.exe" = D:\Program Files\Electronic Arts\Red Alert 3\RA3.exe:*:Disabled:Command & Conquer™ Red Alert™ 3
    "H:\Program Files\Left 4 Dead\left4dead.exe" = H:\Program Files\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- ()
    "G:\Program Files\Electronic Arts\The Lord of the Rings - Conquest™\Conquest.exe" = G:\Program Files\Electronic Arts\The Lord of the Rings - Conquest™\Conquest.exe:*:Enabled:Game
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "H:\Program Files\World of Warcraft 2\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe" = H:\Program Files\World of Warcraft 2\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:*:Enabled:Blizzard Downloader
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
    "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
    "H:\Program Files\Garena\Garena.exe" = H:\Program Files\Garena\Garena.exe:*:Enabled:Garena
    "C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
    "C:\Documents and Settings\ccw\Desktop\[PSY] Garrys Mod 11(1.o.o.5)\hl2.exe" = C:\Documents and Settings\ccw\Desktop\[PSY] Garrys Mod 11(1.o.o.5)\hl2.exe:*:Enabled:hl2
    "H:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe" = H:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe:*:Enabled:HSUpdate
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "H:\Program Files\WIZET\MapleStory\Patcher.exe" = H:\Program Files\WIZET\MapleStory\Patcher.exe:*:Enabled:patcher MFC ?? ????
    "H:\Program Files\Left 4 Dead 2\left4dead2.exe" = H:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- ()
    "C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
    "H:\ijji\ENGLISH\Gunz\Gunz.exe" = H:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz
    "H:\Program Files\Heroes of Newerth\hon.exe" = H:\Program Files\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth
    "H:\Program Files\ijji\ENGLISH\Gunz\Gunz.exe" = H:\Program Files\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "C:\Program Files\Valve\Garry's Mod\hl2.exe" = C:\Program Files\Valve\Garry's Mod\hl2.exe:*:Enabled:Garry's_Mod
    "C:\Program Files\Valve\Garry's Mod\srcds.exe" = C:\Program Files\Valve\Garry's Mod\srcds.exe:*:Enabled:Garry's_Mod_Dedicated_Server
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\3Djam\Roozz\RoozzNHostSvc.exe" = C:\Program Files\3Djam\Roozz\RoozzNHostSvc.exe:*:Enabled:Roozz Host Service
    "H:\Program Files\ijji\ijji REACTOR\REACTOR.exe" = H:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Enabled:Reactor Application
    "I:\Program Files\Activision\Modern Warfare 2\iw4sp.exe" = I:\Program Files\Activision\Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp -- ()
    "H:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe" = H:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "D:\Program Files\Killing Floor\killingfloor\System\KillingFloor.exe" = D:\Program Files\Killing Floor\killingfloor\System\KillingFloor.exe:*:Enabled:KillingFloor
    "H:\Program Files\Warcraft 3 (Ucpro)\war3.exe" = H:\Program Files\Warcraft 3 (Ucpro)\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
    "H:\Program Files\Garena Messenger\Apps\HoN\hon.exe" = H:\Program Files\Garena Messenger\Apps\HoN\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)
    "C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient
    "I:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe" = I:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps -- ()
    "I:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe" = I:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe:*:Enabled:BlackOpsMP -- ()
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "I:\Program Files\Softnyx\RakionIS\Bin\rakion.bin" = I:\Program Files\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion
    "I:\Program Files\Nexon\Vindictus\en-US\NMService.exe" = I:\Program Files\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core
    "I:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe" = I:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader
    "I:\Program Files\World of Warcraft\Launcher.exe" = I:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "I:\Program Files\World of Warcraft\Launcher.patch.exe" = I:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
    "H:\Program Files\WIZET\MapleStorySEA\HShield\HSUpdate.exe" = H:\Program Files\WIZET\MapleStorySEA\HShield\HSUpdate.exe:*:Enabled:HSUpdate
    "H:\Program Files\WIZET\MapleStorySEA\Patcher.exe" = H:\Program Files\WIZET\MapleStorySEA\Patcher.exe:*:Enabled:patcher MFC ?? ????
    "H:\Program Files\WIZET\MapleStorySEA\NewPatcher.exe" = H:\Program Files\WIZET\MapleStorySEA\NewPatcher.exe:*:Enabled:patcher MFC ?? ????
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "I:\Program Files\Duty Calls\binaries\Win32\DutyCalls.exe" = I:\Program Files\Duty Calls\binaries\Win32\DutyCalls.exe:*:Enabled:DutyCalls
    "C:\Program Files\Kamuse\kcsDownloadV3Tray\KCSDownloadV3Tray.exe" = C:\Program Files\Kamuse\kcsDownloadV3Tray\KCSDownloadV3Tray.exe:*:Enabled:KCSDownloadEngine -- (Kamuse, Incorporated)
    "I:\Program Files\NFS Shift\shift.exe" = I:\Program Files\NFS Shift\shift.exe:*:Enabled:Need for Speed™ SHIFT
    "I:\Program Files\Lights\CRUCIS FATAL FAKE\data\FF2.exe" = I:\Program Files\Lights\CRUCIS FATAL FAKE\data\FF2.exe:*:Enabled:CRUCIS FATAL FAKE -- (Light's)
    "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
    "I:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = I:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2
    "C:\Documents and Settings\ccw\Application Data\svchost.exe" = C:\Documents and Settings\ccw\Application Data\svchost.exe:*:Enabled:Windows Messanger
    "C:\Documents and Settings\ccw\Application Data\0Q11SIUAOM.exe" = C:\Documents and Settings\ccw\Application Data\0Q11SIUAOM.exe:*:Enabled:Windows Messanger
    "C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2
    "I:\Program Files\MapleStory\Patcher.exe" = I:\Program Files\MapleStory\Patcher.exe:*:Disabled:patcher MFC ?? ????
    "I:\Program Files\Team Fortress 2\hl2.exe" = I:\Program Files\Team Fortress 2\hl2.exe:*:Enabled:hl2
    "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
    "I:\Program Files\Assassin's Creed Brotherhood\ACBMP.exe" = I:\Program Files\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer
    "I:\Program Files\WIZET\MapleStorySEA\HShield\HSUpdate.exe" = I:\Program Files\WIZET\MapleStorySEA\HShield\HSUpdate.exe:*:Enabled:HSUpdate
    "C:\Program Files\CollabNet\Subversion Client\trunk\map-server.exe" = C:\Program Files\CollabNet\Subversion Client\trunk\map-server.exe:*:Enabled:map-server -- ()
    "C:\Program Files\CollabNet\Subversion Client\trunk\login-server_sql.exe" = C:\Program Files\CollabNet\Subversion Client\trunk\login-server_sql.exe:*:Enabled:login-server_sql -- ()
    "C:\Program Files\CollabNet\Subversion Client\trunk\map-server_sql.exe" = C:\Program Files\CollabNet\Subversion Client\trunk\map-server_sql.exe:*:Enabled:map-server_sql -- ()
    "C:\Program Files\CollabNet\Subversion Client\trunk\login-server.exe" = C:\Program Files\CollabNet\Subversion Client\trunk\login-server.exe:*:Enabled:login-server -- ()
    "C:\Program Files\CollabNet\3CeAM Trunk R608 SQL\map-server_sql.exe" = C:\Program Files\CollabNet\3CeAM Trunk R608 SQL\map-server_sql.exe:*:Enabled:map-server_sql -- ()
    "C:\Program Files\CollabNet\3CeAM Trunk R608 SQL\login-server_sql.exe" = C:\Program Files\CollabNet\3CeAM Trunk R608 SQL\login-server_sql.exe:*:Enabled:login-server_sql -- ()
    "L:\Program Files\LeapFTP 3.0\LeapFTP.exe" = L:\Program Files\LeapFTP 3.0\LeapFTP.exe:*:Enabled:LeapFTP 3.0 -- (LeapWare)
    "C:\Program Files\CollabNet\3CeAM Trunk R608 SQL\map-server.exe" = C:\Program Files\CollabNet\3CeAM Trunk R608 SQL\map-server.exe:*:Enabled:map-server -- ()
    "I:6\Portal 2\portal2.exe" = I:6\Portal 2\portal2.exe:*:Enabled:portal2.exe
    "L:\Program Files\Portal 2\portal2.exe" = L:\Program Files\Portal 2\portal2.exe:*:Enabled:portal2 -- ()
    "I:\Program Files\Softnyx\WolfTeam\Wolfteam.bin" = I:\Program Files\Softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam
    "C:\Program Files\Steam\steamapps\tonyanubis\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\tonyanubis\team fortress 2\hl2.exe:*:Enabled:hl2
    "I:\Program Files\AuraSEA\MapleStorySEA\AuraSea.exe" = I:\Program Files\AuraSEA\MapleStorySEA\AuraSea.exe:*:Enabled:AuraSEA
    "I:\Program Files\AuraSEA\MapleStorySEA\HShield\HSUpdate.exe" = I:\Program Files\AuraSEA\MapleStorySEA\HShield\HSUpdate.exe:*:Enabled:HSUpdate
    "I:\Program Files\Steam\steamapps\tonyanubis\team fortress 2\hl2.exe" = I:\Program Files\Steam\steamapps\tonyanubis\team fortress 2\hl2.exe:*:Enabled:hl2
    "I:\Program Files\EA Games\Alice Madness Returns\Alice2\Binaries\Win32\AliceMadnessReturns.exe" = I:\Program Files\EA Games\Alice Madness Returns\Alice2\Binaries\Win32\AliceMadnessReturns.exe:*:Enabled:AliceMadnessReturns
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
    "L:\Program Files\StarCraft II\StarCraft II.exe" = L:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
    "L:\Program Files\Starcraft 2\StarCraft II\StarCraft II.exe" = L:\Program Files\Starcraft 2\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "I:\Program Files\Steam\steamapps\common\rusty hearts\ClientLauncher.exe" = I:\Program Files\Steam\steamapps\common\rusty hearts\ClientLauncher.exe:*:Enabled:Rusty Hearts
    "I:\Program Files\Activision\Modern Warfare 2\iw4mp.dat" = I:\Program Files\Activision\Modern Warfare 2\iw4mp.dat:*:Enabled:iw4mp -- ()
    "L:\Program Files\Valve\Garry's Mod\hl2.exe" = L:\Program Files\Valve\Garry's Mod\hl2.exe:*:Enabled:Garry's_Mod
    "L:\Program Files\Valve\Garry's Mod\srcds.exe" = L:\Program Files\Valve\Garry's Mod\srcds.exe:*:Enabled:Garry's_Mod_Dedicated_Server
    "L:\Program Files\Dragon Nest\DragonNest.exe" = L:\Program Files\Dragon Nest\DragonNest.exe:*:Enabled:Dragon Nest -- ()
    "C:\Documents and Settings\ccw\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\ccw\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)
    "L:\Program Files\steam\steamapps\tonyanubis2\half-life\hl.exe" = L:\Program Files\steam\steamapps\tonyanubis2\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
    "G:\Call of Duty- Modern Warfare 3\iw5sp.exe" = G:\Call of Duty- Modern Warfare 3\iw5sp.exe:*:Enabled:iw5sp
    "G:\Program Files\Call of Duty- Modern Warfare 3\iw5sp.exe" = G:\Program Files\Call of Duty- Modern Warfare 3\iw5sp.exe:*:Enabled:iw5sp -- ()
    "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe" = C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe:*:Enabled:mysqld -- ()
    "L:\Program Files\LLLLLLLLLLLLLLL\login-server_sql.exe" = L:\Program Files\LLLLLLLLLLLLLLL\login-server_sql.exe:*:Enabled:login-server_sql -- ()
    "L:\Program Files\LLLLLLLLLLLLLLL\map-server_sql.exe" = L:\Program Files\LLLLLLLLLLLLLLL\map-server_sql.exe:*:Enabled:map-server_sql -- ()
    "C:\Program Files\Garena Plus\Room\garena_room.exe" = C:\Program Files\Garena Plus\Room\garena_room.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
    "G:\Program Files\Call of Duty- Modern Warfare 3\iw5mp_server.exe" = G:\Program Files\Call of Duty- Modern Warfare 3\iw5mp_server.exe:*:Enabled:iw5mp_server -- ()
    "G:\Program Files\Call of Duty- Modern Warfare 3\iw5mp.exe" = G:\Program Files\Call of Duty- Modern Warfare 3\iw5mp.exe:*:Enabled:iw5mp -- ()
    "C:\Program Files\ASUS\ASUS Sync\asusUPCTLoader.exe" = C:\Program Files\ASUS\ASUS Sync\asusUPCTLoader.exe:*:Enabled:ASUS Sync -- (Futuredial Inc.)
    "L:\Program Files\Wippien\Wippien.exe" = L:\Program Files\Wippien\Wippien.exe:*:Enabled:Wippien
    "L:\Program Files\Echobit\Evolve\EvoSvc.exe" = L:\Program Files\Echobit\Evolve\EvoSvc.exe:*:Enabled:Evolve Service -- (Echobit LLC)
    "L:\Program Files\Echobit\Evolve\EvolveClient.exe" = L:\Program Files\Echobit\Evolve\EvolveClient.exe:*:Enabled:Evolve Client -- (Echobit LLC)
    "C:\Documents and Settings\ccw\Desktop\uTorrent.exe" = C:\Documents and Settings\ccw\Desktop\uTorrent.exe:*:Enabled:µTorrent
    "L:\Program Files\Borderlands\Binaries\Borderlands.exe" = L:\Program Files\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands
    "D:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = D:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
    "D:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = D:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
    "L:\Program Files\Comodo Unite\Unite.exe" = L:\Program Files\Comodo Unite\Unite.exe:*:Enabled:COMODO Unite -- (COMODO)
    "L:\Program Files\Comodo Unite\EzVpnSvc.exe" = L:\Program Files\Comodo Unite\EzVpnSvc.exe:*:Enabled:COMODO Unite -- (COMODO)
    "L:\Program Files\Comodo Unite\crdphAppShare.exe" = L:\Program Files\Comodo Unite\crdphAppShare.exe:*:Enabled:COMODO Unite -- (COMODO)
    "L:\Program Files\Comodo Unite\crdphService.exe" = L:\Program Files\Comodo Unite\crdphService.exe:*:Enabled:COMODO Unite -- (COMODO)
    "L:\Program Files\Comodo Unite\UniteCAM.exe" = L:\Program Files\Comodo Unite\UniteCAM.exe:*:Enabled:COMODO Unite -- (COMODO)
    "L:\Program Files\3ceam\rewrite\login-server_sql.exe" = L:\Program Files\3ceam\rewrite\login-server_sql.exe:*:Enabled:login-server_sql -- ()
    "L:\Program Files\3ceam\rewrite\map-server_sql.exe" = L:\Program Files\3ceam\rewrite\map-server_sql.exe:*:Enabled:map-server_sql -- ()
    "I:\Program Files\Lights\CRUCIS FATAL FAKE alter\data\FF2.exe" = I:\Program Files\Lights\CRUCIS FATAL FAKE alter\data\FF2.exe:*:Enabled:CRUCIS FATAL FAKE -- (Light's)
    "L:\Program Files\The Elder Scrolls V Skyrim\CreationKit.exe" = L:\Program Files\The Elder Scrolls V Skyrim\CreationKit.exe:*:Disabled:Creation Kit -- (Bethesda Softworks)
    "C:\Documents and Settings\ccw\Local Settings\Application Data\IW4M\iw4m.dat" = C:\Documents and Settings\ccw\Local Settings\Application Data\IW4M\iw4m.dat:*:Enabled:iw4m -- ()
    "I:\Program Files\Activision\Modern Warfare 2\iw4m.exe" = I:\Program Files\Activision\Modern Warfare 2\iw4m.exe:*:Enabled:iw4m -- ()
    "L:\Program Files\steam\steamapps\common\tribes\Binaries\Win32\TribesAscend.exe" = L:\Program Files\steam\steamapps\common\tribes\Binaries\Win32\TribesAscend.exe:*:Enabled:TribesAscend -- (Hirez Studios, Inc.)
    "L:\Program Files\steam\steamapps\common\alien swarm\srcds.exe" = L:\Program Files\steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
    "L:\Program Files\steam\steamapps\common\alien swarm\swarm.exe" = L:\Program Files\steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
    "L:\Program Files\steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe" = L:\Program Files\steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe:*:Enabled:Blacklight: Retribution -- ()
    "L:\Program Files\steam\steamapps\tonyanubis\team fortress 2\hl2.exe" = L:\Program Files\steam\steamapps\tonyanubis\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
    "L:\Program Files\steam\steam.exe" = L:\Program Files\steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "L:\Program Files\steam\steamapps\tonyanubis2\garrysmod\hl2.exe" = L:\Program Files\steam\steamapps\tonyanubis2\garrysmod\hl2.exe:*:Enabled:Garry's Mod -- ()
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
    "L:\Program Files\Konami\Blades of Time\bladesoftime.exe" = L:\Program Files\Konami\Blades of Time\bladesoftime.exe:*:Enabled:Blades of Time
    "L:\Program Files\Ace of Spades\dist\run.exe" = L:\Program Files\Ace of Spades\dist\run.exe:*:Enabled:run -- ()
    "L:\Program Files\Ace of Spades\server.exe" = L:\Program Files\Ace of Spades\server.exe:*:Enabled:server -- ()
    "L:\Program Files\steam\steamapps\common\SourceFilmmaker\game\sfm.exe" = L:\Program Files\steam\steamapps\common\SourceFilmmaker\game\sfm.exe:*:Enabled:Source Filmmaker -- ()
    "L:\Program Files\steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe" = L:\Program Files\steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe:*:Enabled:Source Filmmaker -- ()
    "L:\Program Files\killingfloor\System\KillingFloor.exe" = L:\Program Files\killingfloor\System\KillingFloor.exe:*:Enabled:KillingFloor
    "L:\Program Files\Killing Floor\System\KillingFloor.exe" = L:\Program Files\Killing Floor\System\KillingFloor.exe:*:Enabled:KillingFloor -- ()
    "L:\Program Files\ARC SYSTEM WORKS\BLAZBLUE -CALAMITY TRIGGER-\BBCT.exe" = L:\Program Files\ARC SYSTEM WORKS\BLAZBLUE -CALAMITY TRIGGER-\BBCT.exe:*:Enabled:BLAZBLUE -CALAMITY TRIGGER- -- (ARC SYSTEM WORKS)
    "L:\Program Files\2K Games\Borderlands 2\Binaries\Win32\Borderlands2.exe" = L:\Program Files\2K Games\Borderlands 2\Binaries\Win32\Borderlands2.exe:*:Enabled:Borderlands 2 -- (Take-Two Interactive Software, Inc.)
    "L:\Program Files\Strogino CS Portal\Garrys Mod\hl2.exe" = L:\Program Files\Strogino CS Portal\Garrys Mod\hl2.exe:*:Enabled:hl2
    "L:\Program Files\Dishonored\Binaries\Win32\Dishonored.exe" = L:\Program Files\Dishonored\Binaries\Win32\Dishonored.exe:*:Enabled:Dishonored -- (ZeniMax Media Inc.)
    "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
    "L:\Program Files\steam\steamapps\common\tribes\Binaries\Win32\HirezBridge.exe" = L:\Program Files\steam\steamapps\common\tribes\Binaries\Win32\HirezBridge.exe:*:Enabled:Tribes: Ascend -- (Microsoft)
    "L:\Program Files\MeteorEntertainment\Hawken\InstalledHawkenFiles\Binaries\Win32\HawkenGame-Win32-Shipping.exe" = L:\Program Files\MeteorEntertainment\Hawken\InstalledHawkenFiles\Binaries\Win32\HawkenGame-Win32-Shipping.exe:*:Enabled:HawkenGame-Win32-Shipping -- (Epic Games, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "L:\Program Files\steam\steamapps\common\PlanetSide 2\PlanetSide2.exe" = L:\Program Files\steam\steamapps\common\PlanetSide 2\PlanetSide2.exe:*:Enabled:planetSide2
    "L:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe" = L:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe -- (K2 Network, Inc.)
    "L:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe" = L:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe -- (Vivox Inc.)
    "C:\Documents and Settings\ccw\Local Settings\Temp\app83.exe" = C:\Documents and Settings\ccw\Local Settings\Temp\app83.exe:*:Enabled:InHouseSDM Setup
    "L:\Program Files\steam\steamapps\tonyanubis\garrysmod\hl2.exe" = L:\Program Files\steam\steamapps\tonyanubis\garrysmod\hl2.exe:*:Enabled:Garry's Mod -- ()
    "L:\UDK\Dream of the Blood Moon\Binaries\Win32\UDK.exe" = L:\UDK\Dream of the Blood Moon\Binaries\Win32\UDK.exe:*:Enabled:BUILT WITH UDK
    "I:\Program Files\BrawlBusters(EN)CBT\bin\PbLauncher.exe" = I:\Program Files\BrawlBusters(EN)CBT\bin\PbLauncher.exe:*:Enabled:BrawlBusters Launcher -- (SkeinGlobe)
    "I:\Program Files\BrawlBusters(EN)CBT\bin\pbclient.exe" = I:\Program Files\BrawlBusters(EN)CBT\bin\pbclient.exe:*:Enabled:BrawlBusters -- ()
    "C:\Program Files\Java\jre7\bin\java.exe" = C:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
    "L:\Program Files\UDK\Dream of the Blood Moon\Binaries\Win32\UDK.exe" = L:\Program Files\UDK\Dream of the Blood Moon\Binaries\Win32\UDK.exe:*:Enabled:BUILT WITH UDK
    "L:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = L:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
    "L:\Program Files\FlashGet\FlashGet.exe" = L:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget
     
  2. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "{05E7A774-FBDC-EF1F-E56C-84DD82E3A085}" = Catalyst Control Center
    "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
    "{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
    "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
    "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17C6B5EB-8581-44F7-8641-A946D0810732}" = SuddenAttackSEA
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.2
    "{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
    "{1A64449B-010C-3A4B-7D61-9F5EA9BDDA85}" = CCC Help Korean
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack
    "{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1" = tConfig version 0.24
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{235DE550-1EE9-4B06-856C-D24478D02ED4}_is1" = Minecraft Launcher version 1.0
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
    "{27018D57-D152-44EF-BCE0-5E3B3445EABE}" = X-Blades
    "{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
    "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
    "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{30E40DAC-58D2-E34B-9108-732AB123BBC5}" = CCC Help French
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{335315BA-3EFC-ABE4-D242-7B8691600859}" = CCC Help Portuguese
    "{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}" = Deep Space Voices
    "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{34225AF5-C1B6-8553-3AB4-18943E598BA5}" = CCC Help Chinese Standard
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
    "{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3A504FB1-9593-48B4-81AE-D39F37EF7139}" = TortoiseSVN 1.7.3.22386 (32 bit)
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3E2AE2DE-BA36-F75C-C42F-4F81CFB8C69D}" = CCC Help Spanish
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{40285F95-B5CA-927D-5AA9-2E4C346BBF18}" = CCC Help German
    "{4106D232-7B04-4431-9E0B-79B83AFDD25E}" = MySQL Server 5.5
    "{415807D5-45E8-4635-A5A9-C81000008400}" = BLAZBLUE -CALAMITY TRIGGER-
    "{42EEC419-24CA-6716-854C-58C8F72D50F1}" = CCC Help Turkish
    "{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
    "{45410935-B52C-468A-A836-0D1000018202}" = BulletStorm
    "{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}" = Male Voice Pack
    "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
    "{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
    "{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
    "{52937564-8312-4B49-BB13-F7EDBB67EB34}" = MySQL Workbench 5.2 CE
    "{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
    "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{5C206C21-D400-102A-931B-891B4E91E050}" = CCC Help English
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5F9A7E9C-491A-4A1F-E15F-6FD76AF9B69D}" = CCC Help Czech
    "{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
    "{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
    "{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
    "{62687EAC-F27D-49AC-A0E2-3899B0459113}" = Hallmark Card Studio 2011 Deluxe
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
    "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{661D29B7-80F5-9D8E-0E98-F6B1985F4326}" = Catalyst Control Center Graphics Previews Common
    "{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{670B1B49-9FD3-4827-9B41-471EFF580AA8}" = Evolve
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
    "{6BA86584-D28F-E8B1-401A-36FEB2F116C1}" = CCC Help Italian
    "{6C2CB5E8-B928-4954-BEBB-A7C973ACC73C}" = ASUS Sync
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7148F0A8-6813-11D6-A77B-00B0D0142020}" = Java 2 Runtime Environment, SE v1.4.2_02
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6
    "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{785CC57D-7880-3EAB-B2D4-980A23ABEC7C}" = CCC Help Russian
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
    "{7AAD83F2-ECC4-DA0C-E692-EE978EE9AE63}" = ccc-utility
    "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
    "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
    "{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = GG E-Sports Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8FCA0F04-0360-05A1-5611-CA3797B2922B}" = CCC Help Thai
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{94B5EB58-4409-4CD2-BEA4-A8E8B1708A50}" = AMD Catalyst Install Manager
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{98295A26-683A-D06A-336B-E481F4417209}" = Catalyst Control Center InstallProxy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A5944EB-D4F9-CF2D-E1DD-F777F8C96055}" = Catalyst Control Center Localization All
    "{9B70D2D2-9497-DB65-24AF-F26680B6387D}" = CCC Help Norwegian
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9CDA9EA9-405B-4497-B874-9900845A3F62}" = Team Fortress 2
    "{9D10159F-1845-1EBA-A8D0-2FE77FC57F7A}" = CCC Help Polish
    "{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
    "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB Updater
    "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
    "{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
    "{A78070FF-BED1-1144-2C61-A4F895FC79EF}" = CCC Help Danish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAD277A6-F8AB-BF24-D2A7-BDE32F2F4498}" = CCC Help Chinese Traditional
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "{AFB8B095-E145-6554-0991-C8BF134036DE}" = CCC Help Swedish
    "{B0C00181-ECF5-4124-A6DE-14EA663D4799}" = Blue Satin Skin
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B810D852-DFD6-DISOH-89A5-CC4D47756DAF}_is1" = Dishonored version 5.1
    "{B84A5E9D-6568-8B83-4989-0CBE0BBCA154}" = CCC Help Greek
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
    "{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "{C6C82B03-1C44-EF77-3EEC-1ACECD19FC69}" = CCC Help Hungarian
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC168E4B-E913-145C-B337-95AC6C1231F5}" = CCC Help Dutch
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}" = Sci-Fi Sound Pack
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D3A8B9D5-EEE5-4F2A-9EDE-7EC3AADDA5D4}" = ASUS Android USB Drivers
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds
    "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
    "{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
    "{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}" = MorphVOX Pro
    "{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E5C351DC-434E-2661-9392-7A5D6652FC00}" = CCC Help Japanese
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E7E76513-335F-4995-86CF-A85B77D8D975}" = Sci-Fi 2 Sound Pack
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F4EB5F33-124B-BEEE-BCB6-1C7F91290865}" = CCC Help Finnish
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F527D3F1-57DF-43B5-A570-ADED61CE8C06}" = COMODO Unite
    "{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
    "{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12345_is1" = WeGame Client 2.2.2
    "18_is1" = RBO Extra Scenario Vol.1
    "35_is1" = RBO Extra Scenario Vol.2
    "36_is1" = RBO Extra Scenario Vol.3
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
    "7-Zip" = 7-Zip 9.20
    "AC3Filter" = AC3Filter (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Akamai" = Akamai NetSession Interface Service
    "APB Reloaded" = APB Reloaded
    "ASUS WebStorage" = ASUS WebStorage
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BFGC" = Big Fish Games: Game Manager
    "Blender" = Blender (remove only)
    "BlenderNIFScripts" = Blender NIF Scripts (remove only)
    "BolehVPN" = BolehVPN
    "Borderlands 2_is1" = Borderlands 2
    "BOSS" = BOSS
    "BrawlBusters(EN)CBT" = BrawlBusters(EN)CBT
    "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
    "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
    "CCleaner" = CCleaner
    "Cheat Engine 5.5_is1" = Cheat Engine 5.5
    "Collab" = Collab
    "CollabNet Automatic Update" = CollabNet Automatic Update 1.2
    "comtypes-py2.6" = Python 2.6 comtypes-0.6.2
    "CRUCIS FATAL FAKE" = CRUCIS FATAL FAKE
    "Deus Ex Human Revolution_is1" = Deus Ex Human Revolution
    "DirectVobSub" = DirectVobSub (remove only)
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FastStone Photo Resizer" = FastStone Photo Resizer 2.8
    "FATAL ZERO ACTION" = FATAL ZERO ACTION
    "FL Studio 6" = FL Studio 6
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "Garena" = Garena
    "Garena Messenger" = Garena Messenger and Heroes of Newerth
    "GetFLV Pro_is1" = GetFLV Pro 9.0.3.9
    "GFWL_{415807D5-45E8-4635-A5A9-C81000008400}" = BLAZBLUE -CALAMITY TRIGGER-
    "GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
    "Guitar Pro 5_is1" = Guitar Pro 5.2
    "Hong Kong Mahjong 1024" = Hong Kong Mahjong 1024
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
    "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
    "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
    "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
    "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "Katawa Shoujo" = Katawa Shoujo
    "Killing Floor_is1" = Killing Floor
    "LeapFTP 3.0_is1" = LeapFTP 3.0
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "MagicDisc 2.5.79" = MagicDisc 2.5.79
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "MapleStory" = MapleStory
    "McPixel_is1" = McPixel version 1.0.4
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
    "Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Nero8114_Micro_is1" = Nero 8 Micro v8.1.1.4
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NoIPDUC" = No-IP DUC
    "Notepad++" = Notepad++
    "Origin" = Origin
    "OVERGROWTH" = Overgrowth (remove only)
    "particleIllusion 3.0.2 full version_is1" = particleIllusion 3.0.2
    "PFConfig" = PFConfig 1.0.296
    "PIXresizer_is1" = PIXresizer 2.0.4
    "PremiumSoft Navicat 8.0 Lite for MySQL_is1" = PremiumSoft Navicat 8.0 Lite for MySQL
    "Proxifier_is1" = Proxifier version 2.9
    "psyco-py2.6" = Python 2.6 psyco-1.6
    "PunkBusterSvc" = PunkBuster Services
    "PyFFI" = PyFFI 2.1.6
    "PyFFI-py2.6" = Python 2.6 PyFFI-2.1.6
    "pywin32-py2.6" = Python 2.6 pywin32-214
    "Raganrok Renewal" = Ragnarok Renewal
    "Ragnarok Battle Offline" = Ragnarok Battle Offline
    "Ragnarok Online" = Ragnarok Online
    "Ragnarok Sakray" = Ragnarok Sakray
    "RealAlt_is1" = Real Alternative 1.9.0 Lite
    "Scribblenauts Unlimited_is1" = Scribblenauts Unlimited
    "SendSpaceWizard" = SendSpace Wizard
    "Serious Sam HD The First Encounter_is1" = Serious Sam HD The First Encounter
    "Shop for HP Supplies" = Shop for HP Supplies
    "Spadille" = Spadille 1.5.1
    "StarCraft II" = StarCraft II
    "Steam App 102600" = Orcs Must Die!
    "Steam App 107400" = ARMA 2: Free
    "Steam App 17080" = Tribes: Ascend
    "Steam App 1840" = Source Filmmaker
    "Steam App 208670" = Blades of Time
    "Steam App 209870" = Blacklight: Retribution
    "Steam App 240" = Counter-Strike: Source
    "Steam App 4000" = Garry's Mod
    "Steam App 420" = Half-Life 2: Episode Two
    "Steam App 630" = Alien Swarm
    "Steam App 70" = Half-Life
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "SuperHideIP" = Super Hide IP
    "Terraria Game Launcher GUI_is1" = Terraria Game Launcher GUI version 1.2.2
    "TwinkiRO" = TwinkiRO
    "uTorrent" = µTorrent
    "VirtuallTek Fighter Factory Classic_is1" = Fighter Factory Classic
    "VirtuallTek Fighter Factory Ultimate_is1" = Fighter Factory Ultimate
    "VISPRO" = Microsoft Office Visio Professional 2007
    "VobSub" = VobSub v2.23 (Remove Only)
    "WampServer 2_is1" = WampServer 2.0
    "Warkeys" = Warkeys 1.19.0.0b
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows Vista Screen Saver_is1" = Windows Vista Screen Saver 1.0
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 beta 5 (32-bit)
    "winusb0200" = Microsoft WinUsb 2.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "World of Warcraft" = World of Warcraft
    "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
    "wxPython2.8-ansi-py26_is1" = wxPython 2.8.11.0 (ansi) for Python 2.6
    "Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
    "XpsEP" = XPS Essentials Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "Hawken" = Hawken
    "Imagicon" = Imagicon
    "UnityWebPlayer" = Unity Web Player
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/12/2013 9:54:04 PM | Computer Name = COMPANY-6EF3B74 | Source = NativeWrapper | ID = 5000
    Description =

    Error - 1/15/2013 2:52:53 AM | Computer Name = COMPANY-6EF3B74 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
    could be found for product Microsoft .NET Framework 1.1. The Windows installer
    cannot continue.

    Error - 1/15/2013 2:52:53 AM | Computer Name = COMPANY-6EF3B74 | Source = MsiInstaller | ID = 1023
    Description = Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}'
    could not be installed. Error code 1603. Additional information is available in
    the log file C:\DOCUME~1\ccw\LOCALS~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

    Error - 1/15/2013 2:52:54 AM | Computer Name = COMPANY-6EF3B74 | Source = NativeWrapper | ID = 5000
    Description =

    Error - 1/17/2013 2:55:05 AM | Computer Name = COMPANY-6EF3B74 | Source = Application Error | ID = 1000
    Description = Faulting application hl2.exe, version 0.0.0.0, faulting module filesystem_steam.dll,
    version 1.0.0.1, fault address 0x0003ff6e.

    Error - 1/17/2013 2:58:24 AM | Computer Name = COMPANY-6EF3B74 | Source = Application Error | ID = 1000
    Description = Faulting application hl2.exe, version 0.0.0.0, faulting module filesystem_steam.dll,
    version 1.0.0.1, fault address 0x0003ff6e.

    Error - 1/17/2013 4:55:03 AM | Computer Name = COMPANY-6EF3B74 | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: COMPANY-6EF3B74\ccw Checkpoint ID: 1 Error Code: 0x80070005

    Error
    description: Access is denied.

    Error - 1/17/2013 4:55:03 AM | Computer Name = COMPANY-6EF3B74 | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: COMPANY-6EF3B74\ccw Checkpoint ID: 1 Error Code: 0x8000ffff

    Error
    description: Catastrophic failure

    Error - 1/17/2013 5:01:37 AM | Computer Name = COMPANY-6EF3B74 | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: COMPANY-6EF3B74\ccw Checkpoint ID: 1 Error Code: 0x80070005

    Error
    description: Access is denied.

    Error - 1/17/2013 5:01:37 AM | Computer Name = COMPANY-6EF3B74 | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: COMPANY-6EF3B74\ccw Checkpoint ID: 1 Error Code: 0x8000ffff

    Error
    description: Catastrophic failure

    [ OSession Events ]
    Error - 5/13/2009 7:52:19 AM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
    lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/20/2009 9:41:26 PM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/2/2009 10:02:36 PM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/30/2009 10:43:08 PM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/1/2010 4:35:18 AM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/6/2010 9:48:12 AM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/6/2010 9:48:23 AM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 11/25/2010 4:06:12 AM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/8/2010 1:25:09 AM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/31/2011 11:37:59 PM | Computer Name = COMPANY-6EF3B74 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/9/2013 1:14:18 AM | Computer Name = COMPANY-6EF3B74 | Source = Service Control Manager | ID = 7034
    Description = The FsUsbExService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/9/2013 1:18:44 AM | Computer Name = COMPANY-6EF3B74 | Source = Service Control Manager | ID = 7034
    Description = The Skype C2C Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/9/2013 1:33:48 AM | Computer Name = COMPANY-6EF3B74 | Source = System Error | ID = 1003
    Description = Error code 00000019, parameter1 00000020, parameter2 89da1000, parameter3
    89da1418, parameter4 1a830000.

    Error - 1/9/2013 4:29:29 AM | Computer Name = COMPANY-6EF3B74 | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk2\D, has a bad block.

    Error - 1/10/2013 2:34:39 AM | Computer Name = COMPANY-6EF3B74 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    JRAID

    Error - 1/10/2013 3:05:36 AM | Computer Name = COMPANY-6EF3B74 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    JRAID

    Error - 1/12/2013 9:03:12 PM | Computer Name = COMPANY-6EF3B74 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
    Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

    Error - 1/12/2013 9:37:11 PM | Computer Name = COMPANY-6EF3B74 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
    Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

    Error - 1/12/2013 9:54:24 PM | Computer Name = COMPANY-6EF3B74 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
    Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

    Error - 1/15/2013 2:52:59 AM | Computer Name = COMPANY-6EF3B74 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
    Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).


    < End of report >
     
  3. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva390.sys -- (XDva390)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva386.sys -- (XDva386)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva332.sys -- (XDva332)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva208.sys -- (XDva208)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva204.sys -- (XDva204)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva195.sys -- (XDva195)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva190.sys -- (XDva190)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva189.sys -- (XDva189)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva177.sys -- (XDva177)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva170.sys -- (XDva170)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva167.sys -- (XDva167)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva165.sys -- (XDva165)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva158.sys -- (XDva158)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva132.sys -- (XDva132)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva121.sys -- (XDva121)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva104.sys -- (XDva104)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva037.sys -- (XDva037)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\x86\tcpiphlp.sys -- (tcpip helper)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ccw\LOCALS~1\Temp\MZH5CF.tmp -- (GarenaPEngine)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
      IE - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {7CC66639-C337-40C3-A661-34CF9F39D25E} - No CLSID value found.
      O3 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
      O3 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk = File not found
      O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-2025429265-1035525444-682003330-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
      O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
      O20 - Winlogon\Notify\urqOIAQk: DllName - (urqOIAQk.dll) - File not found
      @Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A5A90A3
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5638B93
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D97BA9A8
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5AD7675
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Still with me?
     
  5. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    Yeah, sorry for the delay. Thanks for your patience. Here are the logs.

    OTL
    All processes killed
    ========== OTL ==========
    Service XDva397 stopped successfully!
    Service XDva397 deleted successfully!
    File C:\WINDOWS\system32\XDva397.sys not found.
    Service XDva390 stopped successfully!
    Service XDva390 deleted successfully!
    File C:\WINDOWS\system32\XDva390.sys not found.
    Service XDva386 stopped successfully!
    Service XDva386 deleted successfully!
    File C:\WINDOWS\system32\XDva386.sys not found.
    Service XDva332 stopped successfully!
    Service XDva332 deleted successfully!
    File C:\WINDOWS\system32\XDva332.sys not found.
    Service XDva208 stopped successfully!
    Service XDva208 deleted successfully!
    File C:\WINDOWS\system32\XDva208.sys not found.
    Service XDva204 stopped successfully!
    Service XDva204 deleted successfully!
    File C:\WINDOWS\system32\XDva204.sys not found.
    Service XDva195 stopped successfully!
    Service XDva195 deleted successfully!
    File C:\WINDOWS\system32\XDva195.sys not found.
    Service XDva190 stopped successfully!
    Service XDva190 deleted successfully!
    File C:\WINDOWS\system32\XDva190.sys not found.
    Service XDva189 stopped successfully!
    Service XDva189 deleted successfully!
    File C:\WINDOWS\system32\XDva189.sys not found.
    Service XDva177 stopped successfully!
    Service XDva177 deleted successfully!
    File C:\WINDOWS\system32\XDva177.sys not found.
    Service XDva170 stopped successfully!
    Service XDva170 deleted successfully!
    File C:\WINDOWS\system32\XDva170.sys not found.
    Service XDva167 stopped successfully!
    Service XDva167 deleted successfully!
    File C:\WINDOWS\system32\XDva167.sys not found.
    Service XDva165 stopped successfully!
    Service XDva165 deleted successfully!
    File C:\WINDOWS\system32\XDva165.sys not found.
    Service XDva158 stopped successfully!
    Service XDva158 deleted successfully!
    File C:\WINDOWS\system32\XDva158.sys not found.
    Service XDva132 stopped successfully!
    Service XDva132 deleted successfully!
    File C:\WINDOWS\system32\XDva132.sys not found.
    Service XDva121 stopped successfully!
    Service XDva121 deleted successfully!
    File C:\WINDOWS\system32\XDva121.sys not found.
    Service XDva104 stopped successfully!
    Service XDva104 deleted successfully!
    File C:\WINDOWS\system32\XDva104.sys not found.
    Service XDva037 stopped successfully!
    Service XDva037 deleted successfully!
    File C:\WINDOWS\system32\XDva037.sys not found.
    Service tcpip helper stopped successfully!
    Service tcpip helper deleted successfully!
    File C:\Program Files\Garena Plus\x86\tcpiphlp.sys not found.
    Service GGSAFERDriver stopped successfully!
    Service GGSAFERDriver deleted successfully!
    File C:\Program Files\Garena\safedrv.sys not found.
    Service GarenaPEngine stopped successfully!
    Service GarenaPEngine deleted successfully!
    File C:\DOCUME~1\ccw\LOCALS~1\Temp\MZH5CF.tmp not found.
    Service EagleXNt stopped successfully!
    Service EagleXNt deleted successfully!
    File C:\WINDOWS\system32\drivers\EagleXNt.sys not found.
    Service EagleNT stopped successfully!
    Service EagleNT deleted successfully!
    File C:\WINDOWS\system32\drivers\EagleNT.sys not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CC66639-C337-40C3-A661-34CF9F39D25E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7CC66639-C337-40C3-A661-34CF9F39D25E}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2025429265-1035525444-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk moved successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2025429265-1035525444-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\ not found.
    File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqOIAQk\ deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A5A90A3 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:B5638B93 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D97BA9A8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D5AD7675 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 2510603 bytes

    User: All Users

    User: ccw
    ->Temp folder emptied: 5361131 bytes
    ->Temporary Internet Files folder emptied: 12431980 bytes
    ->Java cache emptied: 1760058 bytes
    ->FireFox cache emptied: 960766926 bytes
    ->Google Chrome cache emptied: 366047742 bytes
    ->Apple Safari cache emptied: 1013760 bytes
    ->Flash cache emptied: 91844 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 57482 bytes
    ->Flash cache emptied: 56478 bytes

    User: LocalService
    ->Temp folder emptied: 66083 bytes
    ->Temporary Internet Files folder emptied: 33172 bytes

    User: NetworkService
    ->Temp folder emptied: 2887714 bytes
    ->Temporary Internet Files folder emptied: 11979979 bytes
    ->Flash cache emptied: 405 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 155648 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 128627973 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 449105250 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 38323857 bytes

    Total Files Cleaned = 1,890.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: ccw
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: ccw
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01242013_025633

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_294.dat not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  6. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    checkup.txt
    Results of screen317's Security Check version 0.99.57
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee VirusScan Enterprise
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Windows Defender
    Malwarebytes Anti-Malware version 1.70.0.1100
    TuneUp Utilities 2008
    CCleaner
    Java(TM) 6 Update 13
    Java(TM) 6 Update 31
    Java 7 Update 11
    Java 2 Runtime Environment, SE v1.4.2_02
    Adobe Flash Player11.5.502.146
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Mozilla Firefox (18.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Windows Defender MSASCui.exe
    McAfee VirusScan Enterprise Mcshield.exe
    McAfee VirusScan Enterprise VsTskMgr.exe
    McAfee VirusScan Enterprise SHSTAT.EXE
    Windows Defender MsMpEng.exe
    Windows Defender MSASCui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 4%
    ````````````````````End of Log``````````````````````
     
  7. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    FSS.txt
    Farbar Service Scanner Version: 16-01-2013
    Ran by ccw (administrator) on 24-01-2013 at 03:09:30
    Running from "C:\Documents and Settings\ccw\Desktop\New Folder"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll
    [2007-02-19 05:37] - [2008-06-03 22:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll
    [2007-12-12 01:36] - [2007-02-19 05:39] - 0018392 ____A (Microsoft Corporation) B72508649DAD03BCB5D708EDB1E3E57E

    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    fssfltr(10) Gpc(6) IPSec(4) mfetdik(8) NetBT(5) PSched(7) Tcpip(3)
    0x0A0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****
     
  8. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    I'm going to leave ESET Online Scanner running overnight. I'll get back to you when it is done scanning.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,630   +267

  10. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    No threats were found after the scan is completed. I suppose it's safe to assume that whatever viruses plaguing my computer is gone now. Let me know what you think.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =========================

    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
     
     
  12. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    OTL log
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: ccw
    ->Temp folder emptied: 665380 bytes
    ->Temporary Internet Files folder emptied: 425246 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 96149234 bytes
    ->Google Chrome cache emptied: 358708570 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 8265 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 69264 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 129390636 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 558.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: ccw
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: ccw
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01262013_180646

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  13. MyCheeseCake

    MyCheeseCake TS Rookie Topic Starter Posts: 27

    My computer's running smoothly. Hopefully I can avoid all these viruses in the future with all these tools you've provided me. I appreciate the help, thank you. :D
     
  14. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Way to go!! [​IMG]
    Good luck and stay safe :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.