Windows won't update, mouse troubles, had system fix too

Inactive
By treetops
Apr 25, 2012
Topic Status:
Not open for further replies.
  1. I have some sort of infections, windows wont update, some browser pages don't view right and my mouse double clicks sometimes when I single click. Well here are the logs n such. I am getting a new 2 tb hard drive and I am long over due for a cleaning. Also when I click on words it circles the whole word or paragraph sometimes. I had a "system fix" virus recently as well I followed a guide i googled to get rid of it I suspect its still lingering.

    ]

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.25.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Josh :: THETIMEMACHINE [administrator]

    4/25/2012 9:37:38 AM
    mbam-log-2012-04-25 (09-37-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 248791
    Time elapsed: 4 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    Gmer had no log with the automatic quick scan
  2. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Josh at 10:13:10 on 2012-04-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2186 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Users\Josh\Desktop\Rarely Used\CoreTemp64\Core Temp.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\firefox.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>????????†††??†††}:??????????????;<local>;<local>??????????????????????????????????????????????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [Akamai NetSession Interface] "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {03C0000A-CF6D-4EF4-A2D6-376622318018} - hxxp://67.128.8.65:12088/WatSearCtrl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.26.2.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.3.1
    TCP: Interfaces\{66B15DFE-C538-46E6-8B3A-458A7BCF3F19} : DhcpNameServer = 192.168.3.1
    TCP: Interfaces\{D6F66D99-525E-450A-9C84-31B0FABEB1E9} : DhcpNameServer = 66.212.63.228 66.212.48.10
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z179&form=ZGAADF&install_date=20111104&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Downloader\npdd.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\hanbitsoft\nphlauncher.dll
    FF - plugin: C:\ProgramData\Nexon\NGM\npNxGame.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugins\nptgeqplugin.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
    .
    ---- FIREFOX POLICIES ----> Edit: Deleted by Bobbye
  3. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    Edit: Firefox policies deleted by Bobbye

    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-25 44768]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 2348352]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253600]
    S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    S3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr28ux.sys --> C:\Windows\system32\DRIVERS\Dnetr28ux.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys --> C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
    .
    =============== Created Last 30 ================
    .
    2024-11-03 12:06:52 -------- d-----w- C:\DELL
    2012-04-25 15:24:31 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A7F9C7C-CE29-49D2-90EC-246628445AA5}\mpengine.dll
    2012-04-25 14:24:57 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-04-25 14:24:57 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-04-25 14:24:57 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-04-25 14:23:40 41184 ----a-w- C:\Windows\avastSS.scr
    2012-04-25 14:23:31 -------- d-----w- C:\ProgramData\AVAST Software
    2012-04-25 14:23:31 -------- d-----w- C:\Program Files\AVAST Software
    2012-04-21 06:56:08 -------- d-----w- C:\ProgramData\Battle.net
    2012-04-21 02:07:03 -------- d-----w- C:\Program Files (x86)\Diablo III Beta
    2012-04-17 05:48:59 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-04-17 05:06:02 98816 ----a-w- C:\Windows\sed.exe
    2012-04-17 05:06:02 518144 ----a-w- C:\Windows\SWREG.exe
    2012-04-17 05:06:02 256000 ----a-w- C:\Windows\PEV.exe
    2012-04-17 05:06:02 208896 ----a-w- C:\Windows\MBR.exe
    2012-04-17 05:00:10 388096 ----a-r- C:\Users\Josh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-04-17 05:00:10 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-04-16 03:32:10 -------- d-----w- C:\Windows\CheckSur
    2012-04-12 05:31:32 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-11 01:53:17 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2012-04-11 01:51:55 77824 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
    2012-04-11 01:51:55 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
    2012-04-11 01:51:55 221184 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
    2012-04-11 01:51:55 221184 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
    2012-04-11 01:51:55 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
    2012-04-11 01:50:28 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
    2012-03-27 12:06:25 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-03-27 12:01:11 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-03-27 12:01:11 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-03-27 12:00:50 -------- d-----w- C:\ProgramData\PC Tools
    2012-03-27 12:00:49 -------- d-----w- C:\Users\Josh\AppData\Roaming\TestApp
    .
    ==================== Find3M ====================
    .
    2012-04-12 05:31:32 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-02 03:17:43 281408 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-03-02 03:15:30 281408 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-03-02 03:15:30 281408 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-03-01 13:41:07 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-03-01 01:23:16 249856 ------w- C:\Windows\Setup1.exe
    2012-03-01 01:23:15 73216 ----a-w- C:\Windows\ST6UNST.EXE
    2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-02-29 20:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-07 18:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    .
    ============= FINISH: 10:13:34.01 ===============
  4. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/24/2009 11:54:40 AM
    System Uptime: 4/25/2012 7:28:02 AM (3 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790XT-UD4P
    Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 596 GiB total, 57.003 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\SIDESHOW\0001
    Manufacturer:
    Name:
    PNP Device ID: ROOT\SIDESHOW\0001
    Service:
    .
    Class GUID:
    Description:
    Device ID: ROOT\SYSTEM\0001
    Manufacturer:
    Name:
    PNP Device ID: ROOT\SYSTEM\0001
    Service:
    .
    Class GUID:
    Description:
    Device ID: ROOT\SIDESHOW\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\SIDESHOW\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.6
    Age of Empires Online
    AGEIA GAME System Software 2.8.0
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    AudibleManager
    AutoIt v3.3.6.0
    avast! Free Antivirus
    Bandisoft MPEG-1 Decoder
    Battlefield 3™
    Battlelog Web Plugins
    BitTorrent
    DebugMode Wax 2.0
    Diablo II
    Diablo III Beta
    Dota 2
    Downloader
    Dual-Core Optimizer
    Duke Nukem Forever
    ePSXe 1.7.0
    ESN Sonar
    FCEUX 2.1.2
    Fraps
    From Dust
    GamersFirst LIVE!
    Gigabyte Raid Configurer
    Google Talk (remove only)
    HbsMozillaLauncher 1.0
    Hero Editor V0.96
    HiJackThis
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    ijji REACTOR
    ImagXpress
    ImgBurn
    InfraRecorder
    Java Auto Updater
    Java(TM) 6 Update 29
    League of Legends
    Magic ISO Maker v5.5 (build 0276)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.61.0.1400
    ManiaPlanet
    Microsoft .NET Framework 1.1
    Microsoft DirectX SDK (February 2010)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft XNA Framework Redistributable 3.1
    MotoHelper MergeModules
    Mozilla Firefox 4.0.1 (x86 en-US)
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Installer
    neroxml
    Nexon Game Manager
    Nokia Connectivity Cable Driver
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    Origin
    Pando
    Pando Media Booster
    PC Connectivity Solution
    PCSX-Reloaded 1.9.92
    Plantronics Spokes Software
    Play Wireless USB Adapter
    Portforward Static IP Address 1.0.45
    PunkBuster Services
    Realtek Ethernet Controller Driver For Windows Vista and Later
    RealUpgrade 1.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
    Service Pack 3 for SQL Server 2008 (KB2546951)
    SpeedFan (remove only)
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    StarCraft II
    Steam
    swMSM
    System Requirements Lab
    TriDef 3D 4.4
    Trine 2
    Ubisoft Game Launcher
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.1.11
    Warcraft III
    Warcraft III: All Products
    WinDirStat 1.1.2
    Windows SideShow Managed Runtime 1.0
    WModem Driver Installer
    WolfTeam
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/25/2012 9:45:36 AM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 430 time(s).
    Edit: 429 Errors identical to above Deleted by Bobbye

    Merging posts
    4/18/2012 11:11:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070426: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2675157).

    4/18/2012 11:10:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070426: Update for Windows 7 for x64-based Systems (KB2679255).

    4/18/2012 11:10:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070426: Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2647518).

    4/18/2012 11:10:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070426: Security Update for Windows 7 for x64-based Systems (KB2653956).

    ==== End Of File ===========================

    im going on vacation for 3 days see u then!
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Edit: Changing reply per review of posts.
    Please use your head when it comes to to something like almost 500 of the same Error! And including Firefox policies is not needed. I spent considerable time cleaning up this thread! When you return, please run the following and leave the logs.
    Thank you for letting me know you had marked the thread Active. Now you know why it wasn't picked up.
    ==========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.[/b]
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
      • Note: No query will be made if the Recovery Console is already on the system.
    • .Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • .Close any open browsers.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===============================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    ===================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
  6. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    Sorry about the unneeded cleanup. I greatly appreciate your help. I have used combofix about a month ago and it is uninstalled. My browser no longer asks me where to download to, so I will drag it to the desktop from downloads.


    Deleted a huge chunk of multi entries sorry if it is still cluttered, I did not want to delete anything you might want to look at. If I took anything out I should not have(unlikely) I still have the original log. I am now doing the rest of your directions. Also my mouse is having a very hard time circling text atm, if it doesn't stop acting wacky after your help I am buying a new one.

    EDIT
    I was following your instructions top to bottom and just saw your rule do not use any cleaning program while receiving help. I ran ccleaner after combofix. The cleaner and the registry. I will continue the rest of your advice I hope I did not mess anything up. Also I have bittorrent I will not run it, If I need to uninstall it during this process I will gladly do so.


    ComboFix 12-04-31.02 - Josh 04/30/2012 10:50:23.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2640 [GMT -7:00]
    Running from: c:\users\Josh\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\weave\toFetch
    c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\weave\toFetch\clients.json
    c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\weave\toFetch\tabs.json
    c:\windows\SysWow64\urttemp
    c:\windows\SysWow64\urttemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
    .
    .
    2024-11-03 12:06 . 2011-04-30 02:26 -------- d-----w- C:\DELL
    2012-04-30 18:22 . 2012-04-30 18:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-30 18:22 . 2012-04-30 18:22 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-04-30 18:22 . 2012-04-30 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-25 15:24 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A7F9C7C-CE29-49D2-90EC-246628445AA5}\mpengine.dll
    2012-04-25 14:24 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-04-25 14:24 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-04-25 14:24 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-04-25 14:24 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-04-25 14:24 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-04-25 14:24 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-04-25 14:24 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-04-25 14:23 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-04-25 14:23 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-04-25 14:23 . 2012-04-25 14:23 -------- d-----w- c:\programdata\AVAST Software
    2012-04-25 14:23 . 2012-04-25 14:23 -------- d-----w- c:\program files\AVAST Software
    2012-04-21 06:56 . 2012-04-21 06:56 -------- d-----w- c:\programdata\Battle.net
    2012-04-21 02:07 . 2012-04-21 08:40 -------- d-----w- c:\program files (x86)\Diablo III Beta
    2012-04-17 05:00 . 2012-04-17 05:00 388096 ----a-r- c:\users\Josh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-04-17 05:00 . 2012-04-17 05:00 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-04-16 03:32 . 2012-04-16 03:32 -------- d-----w- c:\windows\CheckSur
    2012-04-12 05:31 . 2012-04-12 05:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-11 01:53 . 2012-04-11 01:53 -------- d-----w- c:\program files (x86)\ATI Technologies
    2012-04-11 01:51 . 2009-07-30 07:31 77824 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
    2012-04-11 01:51 . 2009-07-30 07:31 32768 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
    2012-04-11 01:51 . 2009-07-30 07:31 221184 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
    2012-04-11 01:51 . 2009-07-30 07:31 221184 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
    2012-04-11 01:51 . 2009-07-30 07:31 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
    2012-04-11 01:50 . 2009-07-29 16:31 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-12 05:31 . 2011-07-10 14:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-04 22:56 . 2009-10-24 20:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-02 03:17 . 2010-02-14 21:38 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-03-02 03:15 . 2010-02-14 21:34 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-03-02 03:15 . 2010-02-14 21:34 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-03-01 13:41 . 2010-02-14 21:34 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-03-01 01:23 . 2012-03-01 01:23 249856 ------w- c:\windows\Setup1.exe
    2012-03-01 01:23 . 2012-03-01 01:23 73216 ----a-w- c:\windows\ST6UNST.EXE
    2012-03-01 00:02 . 2009-09-28 06:12 2660160 ----a-w- c:\windows\system32\nvapi64.dll
    2012-02-29 21:00 . 2011-01-08 03:49 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-02-29 21:00 . 2011-01-08 03:49 6074176 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-29 20:59 . 2011-01-08 03:48 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-29 20:59 . 2011-01-08 03:48 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-29 20:59 . 2009-09-28 01:22 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-29 20:26 . 2012-02-29 20:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-02-24 17:36 . 2012-03-27 12:01 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-02-23 17:18 . 2009-10-24 19:00 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    Cryptography Services Error !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-17_05.41.23 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-03-27 12:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-04-30 17:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-04-30 17:21 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-27 12:34 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-30 17:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-03-27 12:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-24 19:15 . 2012-04-29 15:32 47304 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-30 17:22 26020 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-10-24 18:46 . 2012-04-03 13:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-24 18:46 . 2012-04-24 15:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-24 18:46 . 2012-04-03 13:49 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-24 18:46 . 2012-04-24 15:41 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-03 13:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-24 15:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2012-04-19 06:28 97520 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-04-22 19:39 . 2012-04-22 19:39 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\e7efc73c52a5aeaf1fc83470ed455f4f\System.Web.DynamicData.Design.ni.dll
    + 2009-10-26 11:04 . 2012-04-30 05:54 5940 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2009-10-24 19:08 . 2012-04-30 17:22 7000 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1737896416-2570679988-651388281-1000_UserData.bin
    + 2012-04-30 17:09 . 2012-04-30 17:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-17 00:49 . 2012-04-17 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-17 00:49 . 2012-04-17 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-30 17:09 . 2012-04-30 17:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-10-25 21:38 . 2012-04-25 21:30 422412 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2012-04-24 15:24 . 2012-04-24 15:24 413000 c:\windows\system32\FNTCACHE.DAT
    - 2012-04-09 19:51 . 2012-04-09 19:51 413000 c:\windows\system32\FNTCACHE.DAT
    - 2009-07-14 05:01 . 2012-04-16 14:50 395216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-04-30 05:54 395216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-04-22 19:39 . 2012-04-22 19:39 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ebd99d5801192b27f605630e2665db37\WindowsFormsIntegration.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\76a205e2eeeafe760194d69c2513c1aa\System.Windows.Forms.DataVisualization.Design.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\d83371c8d64fd4071182f34a96f09983\System.Web.Extensions.Design.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\b147a82018c10ea7dfaf8f8125c92f56\System.Web.Entity.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\a98a8990270a77e6a62e067909aa332e\System.Web.Entity.Design.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\9b16b040d3d0c86777de01bab5b9d0f1\System.Web.DynamicData.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\a6fbeebf631e147104fbde01bcc6602c\System.Web.DataVisualization.Design.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9cabbb335fc6dff10392376707a4d0a2\System.ServiceProcess.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\621d2aae96fd06f9ccf66d335d7f1232\System.Messaging.ni.dll
    + 2012-04-22 19:38 . 2012-04-22 19:38 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09237903b1f9e5c7a69a4995d85eaa35\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2012-04-22 19:38 . 2012-04-22 19:38 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\2965fcd151e21543887df9006519ed58\AspNetMMCExt.ni.dll
    + 2010-02-06 10:17 . 2012-04-19 14:06 2939544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-06-02 11:27 . 2012-04-24 22:35 7336828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737896416-2570679988-651388281-1000-12288.dat
    + 2012-04-22 19:39 . 2012-04-22 19:39 1226752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\abfe51993df8d3de6f000297de7ead9d\System.WorkflowServices.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 4476416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\03a20bf18f39c7d1a98769c6bcb46830\System.Workflow.ComponentModel.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\533c90d6e55e0529feb68df7f0dad47b\System.Workflow.Activities.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\acae13e8725a0a5da6dcda3e309cb9d2\System.Windows.Forms.DataVisualization.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\cfd26c0116fafc3f71408fb255ff824a\System.Web.Mobile.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 3126784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\494597da341f23eed60c65daf13d93dd\System.Web.Extensions.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 4575232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\ff3ad02fb7f572ec84afc681fda661fc\System.Web.DataVisualization.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\7175344bfab919484674d37de776a82f\System.Printing.ni.dll
    + 2012-04-22 19:38 . 2012-04-22 19:38 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\f4311e621d2bbf4de0d32bae765b1484\System.Activities.Presentation.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f4ab7bc19b981163de613143a1e1c997\ReachFramework.ni.dll
    + 2012-04-22 19:39 . 2012-04-22 19:39 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3e896ba1c3cc8d62c267508dccd7aa5a\PresentationUI.ni.dll
    + 2012-04-22 19:38 . 2012-04-22 19:38 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7511c9da502ed9c4e630a902d462cdef\Microsoft.VisualBasic.Compatibility.ni.dll
    + 2012-04-22 19:38 . 2012-04-22 19:38 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll
    + 2012-04-22 19:38 . 2012-04-22 19:38 2877440 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\98d8d80f4b2d74cb4c5dc31483793bfb\Microsoft.Build.Tasks.v4.0.ni.dll
    + 2010-05-03 11:35 . 2012-04-30 05:54 25066296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737896416-2570679988-651388281-1000-8192.dat
    + 2012-04-22 19:39 . 2012-04-22 19:39 12079616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\a0fb4bd3ae9ce574167ae3a79b7a1aa5\System.Web.ni.dll
    .
    -- Snapshot reset to current date --
  7. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Josh\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-29 36864]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 253600]
    R3 ATICDSDr;ATICDSDr;c:\users\Josh\AppData\Local\Temp\ATICDSDr.sys [x]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
    R3 cpuz130;cpuz130;c:\users\Josh\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\MetalAssault\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [x]
    R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
    R3 X6va005;X6va005;c:\users\Josh\AppData\Local\Temp\005CF5F.tmp [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 370024]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 ALSysIO;ALSysIO;c:\users\Josh\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:31]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>????????†††??†††}:??????????????;<local>;<local>??????????????????????????????????????????????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.3.1
    DPF: {03C0000A-CF6D-4EF4-A2D6-376622318018} - hxxp://67.128.8.65:12088/WatSearCtrl.cab
    FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z179&form=ZGAADF&install_date=20111104&q=
    FF - user.js: signed.applets.codebase_principal_support - true
    /* To avoid the user interaction, add the following lines: */
    FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/
    /* GLDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/
    /* BGFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/
    /* BILD */
    FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/
    /* BTUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/
    /* CLIC */
    FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/
    /* COUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.id - hxxp://www.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.id - hxxps://www.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/
    /* MEDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.id - hxxps://www.metaboli.de/
    /* CUUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/
    /* EUUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/
    /* FUNR */
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/
    /* GONE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/
    /* GUDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/
    /* META */
    FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT2.id - hxxp://www.preprod.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETAINT2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETAINT2.id - hxxp://www.preprod.metaboli.fr/
    /* MNDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/
    /* MNFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/
    /* MNUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/
    /* NCNU */
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/
    /* QPUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/
    /* SFFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/
    /* SPDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/
    /* WOJ_ */
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.id - hxxps://woj-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.id - hxxp://woj-pp.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.id - hxxps://woj-pp.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.id - hxxp://woj-int.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.id - hxxps://woj-int.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_2.id - hxxp://preprod-god.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_2.id - hxxps://preprod-god.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_3.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_3.id - hxxp://prod.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_3.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_3.id - hxxps://prod.jeu.orange.fr/
    user_pref(capability.principal.codebase.YummyPlayer_XX0001.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0001.id,hxxp://www.neufgame.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0002.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0002.id,hxxps://www.neufgame.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0003.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0003.id,hxxp://neufgame.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0004.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0004.id,hxxp://ad.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0005.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0005.id,hxxps://ad.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0006.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0006.id,hxxp://ads.metaboli.de);
    /* added 17-03-09 */
    user_pref(capability.principal.codebase.YummyPlayer_XX0412.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0412.id,hxxp://cnet.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0413.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0413.id,hxxps://cnet.metaboli.co.uk);
    /* GWDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GWDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GWDE.id - hxxp://gwde.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_GWDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GWDEINT.id - hxxp://gwde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGWDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGWDE.id - hxxps://gwde.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGWDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGWDEINT.id - hxxps://gwde.int.metaboli.fr/
    /* GMUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_GMUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GMUK.id - hxxp://game.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_GMUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GMUKINT.id - hxxp://gmuk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMUK.id - hxxps://game.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMUKINT.id - hxxps://gmuk.int.metaboli.fr/
    /* CNET */
    FF - user.js: capability.principal.codebase.YummyPlayer_CNET.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CNET.id - hxxp://cnet.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_CNETINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CNETINT.id - hxxp://cnet.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCNET.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCNET.id - hxxps://cnet.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCNETINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCNETINT.id - hxxps://cnet.int.metaboli.fr/
    /* IGUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUK.id - hxxp://iguk.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUKINT.id - hxxp://iguk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK.id - hxxps://iguk.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUKINT.id - hxxps://iguk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUK2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUK2.id - hxxp://Incgamers.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK2.id - hxxps://Incgamers.metaboli.co.uk/
    /* SKFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR.id - hxxp://skfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFRINT.id - hxxp://skfr.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR.id - hxxps://skfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFRINT.id - hxxps://skfr.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR2.id - hxxp://Skyrock.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR2.id - hxxps://Skyrock.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR3.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR3.id - hxxp://ondemand.premium.games.skyrock.net/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR3.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR3.id - hxxps://ondemand.premium.games.skyrock.net/
    FF - user.js: capability.principal.codebase.YummyPlayer_FREEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_FREEINT.id - hxxp://free-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFREEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFREEINT.id - hxxps://free-int.metaboli.fr/
    /* GNUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_GNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GNUK.id - hxxp://gamestation.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGNUK.id - hxxps://gamestation.metaboli.co.uk/
    /* NEW MSN UK DE */
    FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNUK.id - hxxp://playnow.tech.uk.msn.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNUK.id - hxxps://playnow.tech.uk.msn.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNDE.id - hxxp://pc-spiele-flatrate.msn.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNDE.id - hxxps://pc-spiele-flatrate.msn.de/
    /* VMUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_VMUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_VMUK.id - hxxp://virginmedia.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SVMUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SVMUK.id - hxxps://virginmedia.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_VMUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_VMUKINT.id - hxxp://vmuk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SVMUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SVMUKINT.id - hxxps://vmuk.int.metaboli.fr/
    /* WDDE (web de) INT */
    FF - user.js: capability.principal.codebase.YummyPlayer_WDDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WDDEINT.id - hxxp://wdde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWDDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWDDEINT.id - hxxps://wdde.int.metaboli.fr/
  8. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    /* ORUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_ORUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_ORUK.id - hxxp://orange.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SORUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SORUK.id - hxxps://orange.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_ORUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_ORUKINT.id - hxxp://oruk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SORUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SORUKINT.id - hxxps://oruk.int.metaboli.fr/
    /* MEDI int */
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDIINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDIINT.id - hxxp://medi.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDIINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDIINT.id - hxxps://medi.int.metaboli.fr/
    /* SAT1 */
    FF - user.js: capability.principal.codebase.YummyPlayer_SAT1.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SAT1.id - hxxp://spieleflatrate.sat1.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1.id - hxxps://spieleflatrate.sat1.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SAT1INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SAT1INT.id - hxxp://sat1.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1INT.id - hxxps://sat1.int.metaboli.fr/
    /* OWDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_OWDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OWDE.id - hxxp://onlinewelten.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOWDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOWDE.id - hxxps://onlinewelten.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_OWDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OWDEINT.id - hxxp://owde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOWDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOWDEINT.id - hxxps://owde.int.metaboli.fr/
    /* GRAD INT */
    FF - user.js: capability.principal.codebase.YummyPlayer_GRADINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GRADINT.id - hxxp://grad.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGRADINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGRADINT.id - hxxps://grad.int.metaboli.fr/
    /* RTLN */
    FF - user.js: capability.principal.codebase.YummyPlayer_RTLN.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_RTLN.id - hxxp://rtl.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SRTLN.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SRTLN.id - hxxps://rtl.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_RTLNINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_RTLNINT.id - hxxp://rtln.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SRTLNINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SRTLNINT.id - hxxps://rtln.int.metaboli.fr/
    /* MNIT */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNIT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNIT.id - hxxp://pcgames.msn.it/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNIT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNIT.id - hxxps://pcgames.msn.it/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNITINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNITINT.id - hxxp://mnit.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNITINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNITINT.id - hxxps://mnit.int.metaboli.fr/
    /* CUUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://atheneum.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://atheneum.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUKINT.id - hxxps://cuuk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_CCUK2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CCUK2.id - hxxp://atheneum.uk.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCCUK2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCCUK2.id - hxxps://atheneum.uk.com/
    /* SCDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_SCDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCDE.id - hxxp://schueler.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSCDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSCDE.id - hxxps://schueler.metaboli.de/
    /* MNSE */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNSE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNSE.id - hxxp://spela.pcspel.msn.se/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNSE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNSE.id - hxxps://spela.pcspel.msn.se/
    /* GMSE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GMSE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GMSE.id - hxxp://game.metaboli.se/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMSE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMSE.id - hxxps://game.metaboli.se/
    /* OHFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFR.id - hxxp://jeuxpc.orange.ch/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFR.id - hxxps://jeuxpc.orange.ch/
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFRINT.id - hxxp://ohfr.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFRINT.id - hxxps://ohfr.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFR2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFR2.id - hxxp://ohfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFR2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFR2.id - hxxps://ohfr.metaboli.fr/
    /* OHDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDE.id - hxxp://pcspiele.orange.ch/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDE.id - hxxps://pcspiele.orange.ch/
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDEINT.id - hxxp://ohde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDEINT.id - hxxps://ohde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDE2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDE2.id - hxxp://ohde.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDE2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDE2.id - hxxps://ohde.metaboli.de/
    /* GAMETAP */
    FF - user.js: capability.principal.codebase.YummyPlayer_GTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GTUS.id - hxxp://www.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGTUS.id - hxxps://www.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_IGTUS.granted - UniversalXPConnect
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Josh\AppData\Local\Temp\005CF5F.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1737896416-2570679988-651388281-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a6,3c,20,65,84,74,d3,b2,5e,76,6d,7d,31,4e,a7,35,63,18,5a,ca,66,
    93,99,d8,1b,fd,f5,df,b8,88,83,7a,2c,7d,93,a4,8b,f7,b1,9a,9a,05,b8,22,ab,94,\
    "rkeysecu"=hex:fe,99,c2,8a,da,a7,f4,1d,e1,87,b2,09,ea,48,1d,fc
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-04-30 11:25:13
    ComboFix-quarantined-files.txt 2012-04-30 18:25
    .
    Pre-Run: 80,176,156,672 bytes free
    Post-Run: 80,010,706,944 bytes free
    .
    - - End Of File - - 8FBB79F8D269A9B99D4DC33FBBE380ED
  9. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    ESETOnlineScan found no infections

    CKSCANNER LOG
    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\debugmode\wax 2.0\presets\vl presets\vl misc\cracked.wxpr
    c:\program files (x86)\microsoft directx sdk (february 2010)\samples\c++\direct3d\uvatlas\crackdecl.cpp
    c:\program files (x86)\microsoft directx sdk (february 2010)\samples\c++\direct3d\uvatlas\crackdecl.h
    c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\particles\particle_snapshots\good_ancient_destruction\goodancient_ground_crackglow_1.psf
    c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\particles\particle_snapshots\good_ancient_destruction\goodancient_ground_crackglow_1b.psf
    c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\particles\particle_snapshots\good_ancient_destruction\goodancient_ground_crackglow_2.psf
    c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\particles\particle_snapshots\good_ancient_destruction\goodancient_ground_crackglow_2b.psf
    c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\particles\particle_snapshots\good_ancient_destruction\goodancient_ground_crackglow_3.psf
    c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\particles\particle_snapshots\good_ancient_destruction\goodancient_ground_crackglow_4.psf
    c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\particles\particle_snapshots\good_ancient_destruction\goodancient_ground_crackglow_5.psf
    c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\particles\particle_snapshots\good_ancient_destruction\goodancient_ground_crackglow_6.psf
    c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\particles\particle_snapshots\good_ancient_destruction\goodancient_ground_crackglow_7.psf
    scanner sequence 3.GE.11.NELBUO
    ----- EOF -----
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please see this: P2P SOFTWARE USER ADVISORIES

    All of the goodancient_ground_crackglow_#.psf are torrent downloads.
    ---------------------------------------
    Advise open your browser and set default download location to desktop.:
    For Firefox: Open Firefox> Tools> Options> Main section> Downloads section> Check Save download to.......Browse to an select Desktop
    =========================
    About this:
    The purpose of this forum is to help you find and remove malware. You should do any other 'cleaning' such as uninstall programs you don't use, delete temporary internet files nad Cookies, do disc cleanup, defrag and error check. Also delete files and folders you are finished with. Don't do this now but it will be up to you to get it done when we have finished with malware cleaning. When I see some logs, I get the feeling that we are frequently used as the local laundrymat!
    ========================
    Error seen in Combofix: Cryptography Services Error !!
    You cannot install some updates or programs:
    Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer.
    See if this handles the update problem:
    Set Cryptographic Services to Automatic, and then try to install the program again.
    1. Click on Start> Run> type in services.msc> Enter.
    2. Double-click Cryptographic Service to open
    3. Set Startup Type to Automatic Start
    4. Click Start to start the Service.
    Exit Services.
    Try the update again- see if the error is gone. If not, we'll go further.
    =========================================
    Possible update problem or tool related:
    You may become unable to install updates from Windows Update, due to inconsistencies in file data or registry data. By installing the System Update Readiness Tool, you can resolve these inconsistencies and you will be able to install updates from Windows Update. After the System Update Readiness Tool is installed, install updates again from Windows Update.
    Entry: 2012-04-16 03:32 -------- d-----w- c:\windows\CheckSur> for Checking System Update Readiness.
    Reference: http://support.microsoft.com/kb/947821
    =========================================
    Regarding the Firefox entry section beginning with:
    Have you added lines to invoke this? Please see http://forums.mozillazine.org/viewtopic.php?f=25&t=729685&p=3801935
    I have never seen entries like this output persistently in Combofix.
    --------------------------------------
    Combofix has also deleted some FF files that may be related to DPC Latency. This is not an area I'm familiar with, but if you are setting up special features to run, you might want to examine them:
    There are also removals of URTTemp entries: These are related to the NET Framework:
    ==================================================
    There is a proxy override setting from hell! We can handle that:
    Reset your browser proxies
    • For Firefox:
      o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
      o Click on the "Network" tab, and then on the "Settings" button.
      o Please make sure that the "No Proxy" option is selected.
    • For Internet Explorer:
      o Open Internet Explorer.
      o Click on "Tools" and then select "Internet Options".
      o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
      o Uncheck "Use a Proxy server for your LAN".
      o Click Ok to close the Local Area Network (LAN) Settings window.
      o Click Ok to close the Internet Options window.
    ==================================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    File::
    DDS::
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>????????†††??†††}:??????????????;<local>;<local>??????????????????????????????????????????????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    Note: Spell check has not been run.
  11. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    I have dota 2 beta, iv had it for about 4 months as far as I know you cannot get a cracked version as is with most betas. Perhaps youv made a mistake or rather the search program made a mistake. Again I really do appreciate your help :), time to get to business. Oh when I said cleaning I really meant the malware, since that setup fix virus I have had a few trojans a week, I dont want them spreading to my new hd. My download manager no longer works my mouse is wacky etc. If this was a laundry mat it would be the best on the web hehe.

    Downloads have been set to the desktop.

    Cryptographic service was and is set to automatic, I pressed start and got error 1067.
    I will wait for more instructions before I proceed.

    No I did not add any lines to combo fix nor am I running it in any special way. That system fix virus seems to hit your computer all over.
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I'd like you to run OTL. It has 2 logs and may give me a bit more information about some of the entries. Please check your logs and let me know if you have any idea why all the Firefox user.js: capability.principal.codebase...... entries are printing out.

    For the Cryptographic Service error: When I attempt to start the service I receive an error 1067, please see THIS.
    ===========================
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.[​IMG]
    • The opened console will resemble this: [​IMG]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  13. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    I really do not know why they are printing out, ill look at them more when I post em here its easier on the eyes, my computer knowledge is still low compared to the helpers on here.

    OTL Extras logfile created on: 5/1/2012 12:41:32 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Josh\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.45% Memory free
    8.00 Gb Paging File | 6.65 Gb Available in Paging File | 83.20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.16 Gb Total Space | 66.00 Gb Free Space | 11.07% Space Free | Partition Type: NTFS

    Computer Name: THETIMEMACHINE | User Name: Josh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Play_with_TriDef_Media_Player] -- "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Play_with_TriDef_Media_Player] -- "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
    "C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
    "C:\Program Files (x86)\Subagames\ACE Online\Launcher.atm" = C:\Program Files (x86)\Subagames\ACE Online\Launcher.atm:Enabled:GameExe2
    "C:\Program Files (x86)\Subagames\ACE Online\Res-Voip\SCVoIP.exe" = C:\Program Files (x86)\Subagames\ACE Online\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
    "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
    "C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files (x86)\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
    "C:\Program Files (x86)\Subagames\ACE Online\Launcher.atm" = C:\Program Files (x86)\Subagames\ACE Online\Launcher.atm:Enabled:GameExe2
    "C:\Program Files (x86)\Subagames\ACE Online\Res-Voip\SCVoIP.exe" = C:\Program Files (x86)\Subagames\ACE Online\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
    "C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00C66F40-7B40-4FFB-A13F-D2356D9D6DB8}" = lport=53 | protocol=17 | dir=in | name=udp5 |
    "{09DE5738-1C2D-43AF-9380-9DD2631BF8AE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{0E7558D6-4897-4AD5-B497-DF7FEBB4D2E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1339EE0D-DAB7-4857-BFAC-FE9ECDE338E4}" = lport=88 | protocol=17 | dir=in | name=udp1 |
    "{145BB0B4-1073-4C1A-AE9C-032CDF0C2645}" = lport=3074 | protocol=17 | dir=in | name=udp3 |
    "{1EF12B8C-43A6-4345-8C94-29F393B6CFAB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{57FBE1C5-6FA7-419F-84C9-1941EF93F5B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{64F49F1D-0364-442F-B347-B3FDF523E1C4}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
    "{6A816175-72B0-4139-A487-996D16209987}" = lport=53 | protocol=6 | dir=in | name=tcp3 |
    "{7A30A575-EACE-41A9-A6C4-F784C3AE140B}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
    "{7ED99E97-0A72-4D47-A410-B75E69A9481C}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
    "{8023DB12-8294-4996-AB81-977E5FA10A5D}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
    "{86778EA5-1313-4B2C-B1B5-17DB23287301}" = lport=88 | protocol=17 | dir=in | name=udp2 |
    "{89DC954F-85CE-439E-B717-6E8F3E2BD34B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A59C389F-F0E2-475B-A423-FED65E0EB0BB}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
    "{A8F9CDA0-66F8-4BC3-B17B-2B85A85A5F63}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
    "{ADEDD33C-1965-4FC3-944E-5E9CA54E3D78}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{B52189CA-2231-41D8-9356-EC0D9C35C2BD}" = lport=3074 | protocol=6 | dir=in | name=tcp2 |
    "{C0848C80-74D9-49E1-8EB2-1AB97FBAD590}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{C2F25AF0-B6EF-46AA-88F4-91AE8AD91213}" = lport=80 | protocol=6 | dir=in | name=tcp windows live |
    "{CA89BA0D-AAEA-47C3-A30A-8E27176C3AC5}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{E1B9772F-4284-4FEF-B83C-47B0C8A20F75}" = lport=443 | protocol=6 | dir=in | name=tcp4 |
    "{ED202BEA-0D14-4813-8668-4301EDA7F97D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0090860C-C0DD-4C6E-9531-F52AF2AB945F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{01C85E96-DAD8-417B-A4AE-AA05B631980B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{05E0C51D-5AD2-486A-86D1-6866BF6943F4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{08DD33F2-5E83-4B42-BE5A-4545CB9BD9BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{0E17B385-5AC9-45C3-85E5-3DAFEACE516F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
    "{109D716A-2987-4B48-94D3-2E904E645524}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
    "{10F9BC23-E181-4ADE-B97A-F4AFA220BB7C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{17873069-6CF0-48A6-AAD8-D3780199D7B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{17ACB3FE-F992-48BE-B41A-6D37CA1549C3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{1923DD3F-34C8-4A73-901C-007A5B640B5E}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
    "{1FF5DA0B-8670-411E-B5DE-1042987D4AAB}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{211AACA7-1B11-491A-9611-7B3AD76C3F7E}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "{21281D35-3BBA-4E31-BB33-93132F550203}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
    "{239CCFE3-7BB2-480B-AF07-C4000FDA7541}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "{2AA4FD06-1620-4C66-B982-CE0D58369AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "{2AC01B09-B502-4363-8253-2B226F888229}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
    "{3842B008-BF2D-43ED-B79D-F6B8A1319BF4}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "{3D91190E-7760-4210-879A-4FFA09D9F3A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{545BB4F0-FADB-4175-B45E-00DB997D1418}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{564AB15D-974B-473C-924E-98A14738B7FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{571724F0-FBCA-442D-ABD3-3295EE711C75}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
    "{57B718B9-B64F-4E89-B2A0-E524519A6076}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{5A3A59D1-71C2-45BA-B168-A4A05BF6F4CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{5A819D00-FF2F-41CF-9F7D-81A24CA849BF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{5B335C2B-C803-4BED-A362-24D2E72940D2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{5BD28610-23BF-4315-B901-E31AE61A5DC5}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
    "{603E6669-BE87-4373-93C9-1691F1663283}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
    "{618E57B1-7D58-4788-B2D2-5E500EA07AB8}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "{6F40B860-ADA4-4E38-A1E7-5DC4BD617E3B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{74CEB489-8532-41B0-8F35-BDD283B4C068}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{7ABC659C-7F74-4E55-A8CB-7D573388EC98}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
    "{7B8A7B89-84CE-4838-B8D0-4028349EB181}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{7CDCECB4-BBB9-42A5-AEF6-3D81DCDD6698}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{7D50A914-18B5-4D02-9364-F1C10F4F8B44}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{7EA540A5-F14A-47E2-AC6F-E5798C1A87D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{8822A171-669D-4131-9E1D-C7B06A351675}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{883CDE15-B1A3-4478-9DFE-36E852BE5342}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{8AFF3DFF-C081-4C4D-AF7D-1BAFF143B013}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{8B9D2B3C-0CA9-4A29-81C2-5BFCAFE7D7C7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{9609CE80-1932-4CD1-9F6F-362AD6FF2306}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{99EEE59E-8CB0-4B11-8475-573F59FA772D}" = protocol=6 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
    "{9BE576ED-2C0C-45CC-8AB3-0012BD72B662}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
    "{9C34B9E2-3BEF-49BA-8F0E-F1EBBFDF285C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
    "{9E50A2B7-1309-4294-8E2A-519BDDC788A9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{9F024925-5970-48E1-8110-C09230AEF828}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
    "{A20D6A17-9F9D-4273-B010-8C39EE7D36E6}" = protocol=17 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
    "{A52190A0-3363-450A-88A3-F3E7A2423CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
    "{A9E75948-BF21-44DE-96E1-DC1B1973B257}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "{AB0E41FB-3043-4724-A2D4-F54C74DA0828}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{ABBA8F69-342D-43EA-AFBA-428013E82EE6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{ABC838C6-A66B-450A-9675-491FD99E7012}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
    "{B43BEEE4-150D-479E-A667-74CBDA0CB2BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
    "{B5D96292-0740-408A-87F1-20EC1FC31AA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{B980B8E6-3FFD-4F49-80A7-5976803F27AF}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "{BEEA5C0F-F7FC-48F2-B128-D5F701E0180A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{C8E812CB-F32E-4D77-9319-436CC0A76F55}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{CBEE7952-1269-4F0D-9DD8-166500E25C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{D1B7204B-955C-4CED-80F6-B1B95EFB1E74}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
    "{D6A449C2-B00C-46D9-A867-4B3D72705FDB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{D717B8DA-72BB-4F28-9F77-6A098207BCE5}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{DCF340C9-E161-468A-933E-518ACA3D2BE5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
    "{DE4EC0B3-1520-42C7-9AF6-1CD911E13C2F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{E573A550-14F6-4652-AA64-6780416E99FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{E9665578-0D90-4387-BB66-AF1DE1ADD747}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{EC903A9B-837E-4B1C-B20B-D5CF9119C0CE}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{ECC8EDF9-C377-4C3A-A76F-9C4458109BD1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F09544C1-8C91-43C7-819D-40A001DD96F4}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
    "{F0AB8F5F-86FB-4D26-BB21-FEA917409B4D}" = protocol=17 | dir=in | app=c:\users\josh\appdata\local\akamai\netsession_win.exe |
    "{F0AD404E-5340-4D59-B45E-8A1CF9CD6573}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{F324E3B6-5978-4C3E-9849-72559517540A}" = dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe |
    "{F5C15393-7653-473E-A7B1-2110DA893551}" = protocol=6 | dir=in | app=c:\users\josh\appdata\local\akamai\netsession_win.exe |
    "{FBD09683-DE11-4DDE-8E28-5417BDE70710}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
    "TCP Query User{0EF667BD-CFB0-4E12-A817-828F16E81C19}C:\users\josh\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\josh\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{27F5E630-C41F-48EE-9EA3-27E05D70FE0E}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin |
    "TCP Query User{2E72A283-A3A5-4846-8489-A1FBE0489C00}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "TCP Query User{33A5ED10-911D-49A6-919C-E56BC3C75DEF}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "TCP Query User{36DB6F2C-C60B-434E-8896-A942E2C052D5}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
    "TCP Query User{3D29B3DA-1F18-446C-BBEA-0D0692387909}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
    "TCP Query User{422B1F89-1AAE-41F3-88E2-7237439B2CAF}C:\program files (x86)\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe |
    "TCP Query User{43C70E30-1BBD-43B6-BD7E-545FFE55387F}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
    "TCP Query User{5650649B-398D-41AF-A3B5-DAB9ABEA3D21}C:\users\josh\desktop\rarely used\games\left.4.dead.2.full.patched.directplay.ibbes\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\josh\desktop\rarely used\games\left.4.dead.2.full.patched.directplay.ibbes\left 4 dead 2\left4dead2.exe |
    "TCP Query User{73051508-40B5-484D-81E8-BCC3F51F5B13}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "TCP Query User{81D3F706-7AE3-48F2-9618-3238592811C9}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe |
    "TCP Query User{8DBBF219-4C81-454C-B313-8C0D3ACEE6AD}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{9422646D-CC81-40B9-A06E-1A41883E42E4}C:\users\josh\desktop\rarely used\games\left.4.dead.2.full.patched.directplay.ibbes\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\josh\desktop\rarely used\games\left.4.dead.2.full.patched.directplay.ibbes\left 4 dead 2\left4dead2.exe |
    "TCP Query User{A7D04F8C-2CA3-4D71-8161-602C827AF2F2}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
    "TCP Query User{AB4862BB-6C68-42E1-A1DE-D39F06584C0A}C:\program files (x86)\diablo iii beta\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
    "TCP Query User{AC27D427-9BB4-4146-8B64-16B88C1BD1A0}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
    "TCP Query User{B30330B5-EA28-4812-8CEE-DB9631E70976}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
    "TCP Query User{BF3543CB-4921-45F9-B43B-0B035F23DABC}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
    "TCP Query User{CC605B57-5C9D-48B1-A43F-30AEAC20CF68}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "TCP Query User{D5B5DB21-35EB-491B-BAE8-69EF0DAF89EB}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 |
     
  14. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "TCP Query User{D5D7EC66-0779-4F06-8F5C-76D9DDFF23E6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{E4054737-297B-4B80-B60A-285B51756BA9}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
    "TCP Query User{E486B51A-58F2-4327-96FF-C1AB8A28EEBA}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
    "TCP Query User{FA483206-6E56-4AF0-A04C-A9E45CE672CF}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "UDP Query User{0B96B93F-26A0-4D69-8633-DB91207D6779}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "UDP Query User{1F7DBA32-DCD5-4CD9-868D-71AAED72D9DD}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
    "UDP Query User{3917C0D0-4D79-4F0B-8C96-DC7F8D5BBA11}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
    "UDP Query User{3C56250B-9D57-41C4-AF88-F0C6B6235AAD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{3D465F1D-11BB-445B-9C12-DD1B1AFDDDA0}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "UDP Query User{4942E4C8-2D4E-4E33-952C-0FDF9504CF10}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
    "UDP Query User{6712DFA6-1A03-4673-9661-D02F60385D5F}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
    "UDP Query User{6B9E65FB-A12A-4435-B434-A12F9AD70F64}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{6BF6A22E-A25C-4295-A12F-ED9241911307}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{7CB3D044-736B-411D-AAE2-D1C4308271DF}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
    "UDP Query User{7EDF809B-2783-4667-80BB-EF5784A35147}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "UDP Query User{92215D07-97D9-4F53-B044-3691706AF1FB}C:\program files (x86)\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 3\bin\win32_release\stronghold3.exe |
    "UDP Query User{9ADF0F81-BF21-49E9-A02A-DFF5DF27231F}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe |
    "UDP Query User{9AF50C16-1495-4D5C-8C70-4E6037DF8DAE}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin |
    "UDP Query User{9BD74B37-843C-45D7-B9FD-5CEC60136A8F}C:\users\josh\desktop\rarely used\games\left.4.dead.2.full.patched.directplay.ibbes\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\josh\desktop\rarely used\games\left.4.dead.2.full.patched.directplay.ibbes\left 4 dead 2\left4dead2.exe |
    "UDP Query User{9FC147DC-0B8C-46FB-98AF-18CDF05F4E12}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |
    "UDP Query User{A9CA096F-1E34-4AC6-8D43-E1F7A6D76C03}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "UDP Query User{AE3EC6A9-459A-4B7B-A20E-E79C7D1B73E3}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
    "UDP Query User{B1F039E5-647E-46CA-B1CC-A3B6683331C0}C:\users\josh\desktop\rarely used\games\left.4.dead.2.full.patched.directplay.ibbes\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\josh\desktop\rarely used\games\left.4.dead.2.full.patched.directplay.ibbes\left 4 dead 2\left4dead2.exe |
    "UDP Query User{B3F59A95-F518-4CA2-9E91-CA34DA658939}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
    "UDP Query User{D18EB8C5-AE5E-4A46-805A-62F256820D68}C:\program files (x86)\diablo iii beta\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
    "UDP Query User{D6D49866-D316-4792-A37D-6982062F0B92}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
    "UDP Query User{ED2B7BA9-E622-454E-8C61-DBC8D83D4BF2}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "UDP Query User{F50C9325-EFDA-4469-B4CE-73B31C515062}C:\users\josh\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\josh\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
    "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}" = AGEIA GAME System Software 2.8.0
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{8118FA36-FB52-4738-9BFB-4380E91B7D36}" = Google Drive
    "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
    "{E736D890-A1FE-41FF-85E6-77F94E3CC8D4}" = Plantronics Spokes Software
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Akamai" = Akamai NetSession Interface Service
    "All ATI Software" = ATI - Software Uninstall Utility
    "AudibleManager" = AudibleManager
    "AutoItv3" = AutoIt v3.3.6.0
    "avast" = avast! Free Antivirus
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "BitTorrent" = BitTorrent
    "DebugMode Wax 2.0" = DebugMode Wax 2.0
    "Diablo II" = Diablo II
    "Diablo III Beta" = Diablo III Beta
    "Downloader" = Downloader
    "ePSXe" = ePSXe 1.7.0
    "ESET Online Scanner" = ESET Online Scanner v3
    "ESN Sonar-0.70.0" = ESN Sonar
    "ESN Sonar-0.70.4" = ESN Sonar
    "essentials-bundle" = TriDef 3D 4.4
    "FCEUX" = FCEUX 2.1.2
    "Fraps" = Fraps
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "GFWL_{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
    "HbsMozillaLauncher" = HbsMozillaLauncher 1.0
    "HTC_WModemDriver" = WModem Driver Installer
    "ImgBurn" = ImgBurn
    "InfraRecorder" = InfraRecorder
    "InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "ManiaPlanet_is1" = ManiaPlanet
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft DirectX SDK (February 2010)" = Microsoft DirectX SDK (February 2010)
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Origin" = Origin
    "PCSX-Reloaded" = PCSX-Reloaded 1.9.92
    "Portforward Static IP Address" = Portforward Static IP Address 1.0.45
    "PunkBusterSvc" = PunkBuster Services
    "SpeedFan" = SpeedFan (remove only)
    "ST6UNST #1" = Hero Editor V0.96
    "StarCraft II" = StarCraft II
    "Steam App 33460" = From Dust
    "Steam App 570" = Dota 2
    "Steam App 57900" = Duke Nukem Forever
    "SystemRequirementsLab" = System Requirements Lab
    "Trine 2_is1" = Trine 2
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "VLC media player" = VLC media player 1.1.11
    "Warcraft III" = Warcraft III
    "WolfTeam" = WolfTeam

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "Akamai" = Akamai NetSession Interface
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "Warcraft III" = Warcraft III: All Products
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/30/2012 4:45:10 PM | Computer Name = TheTimeMachine | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: ESENT.dll, version: 6.1.7601.17577,
    time stamp: 0x4d79bfba Exception code: 0xc0000005 Fault offset: 0x00000000000059a0
    Faulting
    process id: 0xf88 Faulting application start time: 0x01cd27122259fecb Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\ESENT.dll
    Report
    Id: 6015b4bd-9305-11e1-b55f-00241d7d5d3a

    Error - 4/30/2012 5:04:02 PM | Computer Name = TheTimeMachine | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\Josh\Downloads\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 4/30/2012 6:05:46 PM | Computer Name = TheTimeMachine | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\Josh\Downloads\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 5/1/2012 2:26:02 PM | Computer Name = TheTimeMachine | Source = MSSQL$SQLEXPRESS | ID = 9003
    Description = The log scan number (405:456:1) passed to log scan in database 'master'
    is not valid. This error may indicate data corruption or that the log file (.ldf)
    does not match the data file (.mdf). If this error occurred during replication,
    re-create the publication. Otherwise, restore from backup if the problem results
    in a failure during startup.

    Error - 5/1/2012 2:26:16 PM | Computer Name = TheTimeMachine | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: ESENT.dll, version: 6.1.7601.17577,
    time stamp: 0x4d79bfba Exception code: 0xc0000005 Fault offset: 0x00000000000059a0
    Faulting
    process id: 0x41c Faulting application start time: 0x01cd27c7d30f051c Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\ESENT.dll
    Report
    Id: 2308b0ab-93bb-11e1-a82d-00241d7d5d3a

    Error - 5/1/2012 2:27:57 PM | Computer Name = TheTimeMachine | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: ESENT.dll, version: 6.1.7601.17577,
    time stamp: 0x4d79bfba Exception code: 0xc0000005 Fault offset: 0x00000000000059a0
    Faulting
    process id: 0xe14 Faulting application start time: 0x01cd27c7fda0ed51 Faulting application
    path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\ESENT.dll
    Report
    Id: 5f1c5795-93bb-11e1-a82d-00241d7d5d3a

    Error - 5/1/2012 2:46:06 PM | Computer Name = TheTimeMachine | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: ESENT.dll, version: 6.1.7601.17577,
    time stamp: 0x4d79bfba Exception code: 0xc0000005 Fault offset: 0x00000000000059a0
    Faulting
    process id: 0xda4 Faulting application start time: 0x01cd27c821938159 Faulting application
    path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\ESENT.dll
    Report
    Id: e8527a42-93bd-11e1-a82d-00241d7d5d3a

    Error - 5/1/2012 2:46:44 PM | Computer Name = TheTimeMachine | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: ESENT.dll, version: 6.1.7601.17577,
    time stamp: 0x4d79bfba Exception code: 0xc0000005 Fault offset: 0x00000000000059a0
    Faulting
    process id: 0x744 Faulting application start time: 0x01cd27cabdfbcd93 Faulting application
    path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\ESENT.dll
    Report
    Id: fecff2af-93bd-11e1-a82d-00241d7d5d3a

    Error - 5/1/2012 3:36:19 PM | Computer Name = TheTimeMachine | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: ESENT.dll, version: 6.1.7601.17577,
    time stamp: 0x4d79bfba Exception code: 0xc0000005 Fault offset: 0x00000000000059a0
    Faulting
    process id: 0xd78 Faulting application start time: 0x01cd27cb58f5db0f Faulting application
    path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\ESENT.dll
    Report
    Id: ec8fdffd-93c4-11e1-a82d-00241d7d5d3a

    Error - 5/1/2012 3:36:38 PM | Computer Name = TheTimeMachine | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_CryptSvc, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: ESENT.dll, version: 6.1.7601.17577,
    time stamp: 0x4d79bfba Exception code: 0xc0000005 Fault offset: 0x00000000000059a0
    Faulting
    process id: 0x1254 Faulting application start time: 0x01cd27d1b42b6e10 Faulting application
    path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\ESENT.dll
    Report
    Id: f7a51a98-93c4-11e1-a82d-00241d7d5d3a

    [ System Events ]
    Error - 5/1/2012 2:46:44 PM | Computer Name = TheTimeMachine | Source = Service Control Manager | ID = 7034
    Description = The DNS Client service terminated unexpectedly. It has done this
    4 time(s).

    Error - 5/1/2012 2:46:44 PM | Computer Name = TheTimeMachine | Source = Service Control Manager | ID = 7034
    Description = The Workstation service terminated unexpectedly. It has done this
    4 time(s).

    Error - 5/1/2012 3:36:20 PM | Computer Name = TheTimeMachine | Source = Service Control Manager | ID = 7034
    Description = The Cryptographic Services service terminated unexpectedly. It has
    done this 5 time(s).

    Error - 5/1/2012 3:36:20 PM | Computer Name = TheTimeMachine | Source = Service Control Manager | ID = 7034
    Description = The DNS Client service terminated unexpectedly. It has done this
    5 time(s).

    Error - 5/1/2012 3:36:20 PM | Computer Name = TheTimeMachine | Source = Service Control Manager | ID = 7034
    Description = The Workstation service terminated unexpectedly. It has done this
    5 time(s).

    Error - 5/1/2012 3:36:20 PM | Computer Name = TheTimeMachine | Source = Service Control Manager | ID = 7034
    Description = The Telephony service terminated unexpectedly. It has done this 3
    time(s).

    Error - 5/1/2012 3:36:38 PM | Computer Name = TheTimeMachine | Source = Service Control Manager | ID = 7034
    Description = The Cryptographic Services service terminated unexpectedly. It has
    done this 6 time(s).

    Error - 5/1/2012 3:36:38 PM | Computer Name = TheTimeMachine | Source = Service Control Manager | ID = 7034
    Description = The DNS Client service terminated unexpectedly. It has done this
    6 time(s).

    Error - 5/1/2012 3:36:38 PM | Computer Name = TheTimeMachine | Source = Service Control Manager | ID = 7034
    Description = The Workstation service terminated unexpectedly. It has done this
    6 time(s).

    Error - 5/1/2012 3:47:01 PM | Computer Name = TheTimeMachine | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.


    < End of report >
  15. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    OTL logfile created on: 5/1/2012 12:41:32 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Josh\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.45% Memory free
    8.00 Gb Paging File | 6.65 Gb Available in Paging File | 83.20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.16 Gb Total Space | 66.00 Gb Free Space | 11.07% Space Free | Partition Type: NTFS

    Computer Name: THETIMEMACHINE | User Name: Josh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Josh\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    PRC - C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\pysqlite2._sqlite.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\pythoncom26.dll ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\win32com.shell.shell.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\pyexpat.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\win32api.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\_elementtree.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\_ctypes.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\wx._html2.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\_socket.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\win32crypt.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\wx._core_.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\wx._controls_.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\wx._windows_.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\wx._gdi_.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\wx._misc_.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\_ssl.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\unicodedata.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\_hashlib.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\win32gui.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\wx._wizard.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\win32file.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\PyWinTypes26.dll ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\win32inet.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\win32process.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\win32event.pyd ()
    MOD - C:\Users\Josh\AppData\Local\Temp\_MEI25162\select.pyd ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll ()
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
    SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
    SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
    DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
    DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
    DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
    DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\drivers\btnetBus.sys ()
    DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\drivers\BtHidBus.sys (IVT Corporation.)
    DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\drivers\IvtBtBus.sys (IVT Corporation.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys (Ralink Technology Corp.)
    DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
    DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
    DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
    DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys (Ralink Technology Inc.)
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation)
    DRV:64bit: - (HabuFltr) -- C:\Windows\SysNative\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
    DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/myweb...n=77de5b10&psa=&st=sb&searchfor={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\..\SearchScopes,DefaultScope = {AD7B9ADE-16DB-439E-B078-B09A42A29E13}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=12316
    IE - HKCU\..\SearchScopes\{1BB2D5A5-CB28-6828-A0B4-440879C5BE32}: "URL" = http://www.bing.com/search?q={searc...install_date=20111104&iesrc={referrer:source}
    IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/myweb...n=77de5b10&psa=&st=sb&searchfor={searchTerms}
    IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
    IE - HKCU\..\SearchScopes\{AD7B9ADE-16DB-439E-B078-B09A42A29E13}: "URL" = http://findgala.com/?&uid=5762&q={searchTerms}
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80031&lng=en
    IE - HKCU\..\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C}: "URL" = http://dm.startnow.com/s/?q={search...s_version=6.1-x64-SP1&iesrc={referrer:source}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;192.168.*.*;<local>????????†††??†††}:??????????????;<local>;<local>??????????????????????????????????????????????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
    FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.26.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.mywebsearch.prevKwdURL: "data:text/plain,keyword.URL=http://search.yahoo.com/search?ei=UTF-8&fr=yff35awe&p="
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z179&form=ZGAADF&install_date=20111104&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
    FF - HKLM\Software\MozillaPlugins\@hanbiton.com/HbsMozillaLauncher: C:\ProgramData\hanbitsoft\nphlauncher.dll (hanbitsoft)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/25 07:23:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\components [2012/04/29 13:57:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugins [2011/06/17 12:24:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\components [2012/04/29 13:57:02 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugins [2011/06/17 12:24:38 | 000,000,000 | ---D | M]

    [2009/11/14 02:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
    [2009/11/14 02:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2012/04/29 14:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions
    [2011/12/02 06:04:47 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2012/01/09 15:00:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/01/09 15:01:02 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
    [2011/12/02 06:13:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/11/14 02:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\SeaMonkey\Profiles\m50jeiji.default\extensions
    [2011/02/27 19:39:30 | 000,002,059 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\searchplugins\daemon-search.xml
  16. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    [2010/06/15 02:06:15 | 000,002,168 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\searchplugins\inbox-search.xml
    [2010/06/15 02:06:14 | 000,010,060 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\searchplugins\mywebsearch.xml
    [2012/03/27 01:02:33 | 000,001,210 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\searchplugins\search.xml
    () (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8UDUIOJM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8UDUIOJM.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

    ========== Chrome ==========

    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z179&form=ZGACDF&install_date=20111104
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    CHR - plugin: TestGen Plug-in 7.4 (Enabled) = C:\Users\Josh\Desktop\Rarely Used\Mozilla Firefox\plugins\nptgeqplugin.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
    CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npNxGame.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Josh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: We-Care Reminder Lite = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.9_0\

    O1 HOSTS File: ([2012/04/30 11:23:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {03C0000A-CF6D-4EF4-A2D6-376622318018} http://67.128.8.65:12088/WatSearCtrl.cab (WebGuard Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.26.2.cab (Battlefield Play4Free Updater)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{365488EF-5C53-4A24-816F-85FF023530B1}: DhcpNameServer = 192.168.3.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66B15DFE-C538-46E6-8B3A-458A7BCF3F19}: DhcpNameServer = 192.168.3.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6F66D99-525E-450A-9C84-31B0FABEB1E9}: DhcpNameServer = 66.212.63.228 66.212.48.10
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\belarc - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2024/11/03 05:08:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2024/11/03 05:06:52 | 000,000,000 | ---D | C] -- C:\DELL
    [2012/05/01 12:38:19 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
    [2012/04/30 13:48:25 | 000,000,000 | --SD | C] -- C:\Users\Josh\Google Drive
    [2012/04/30 13:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    [2012/04/30 13:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/04/30 11:54:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/30 11:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/04/30 11:25:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/30 10:42:37 | 004,479,582 | R--- | C] (Swearware) -- C:\Users\Josh\Desktop\ComboFix.exe
    [2012/04/25 07:24:58 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/04/25 07:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/04/25 07:24:57 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/04/25 07:24:57 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/04/25 07:24:57 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/04/25 07:24:57 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/04/25 07:24:57 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/04/25 07:24:57 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/04/25 07:23:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/04/25 07:23:39 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/04/25 07:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/04/25 07:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/04/20 23:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2012/04/20 19:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
    [2012/04/20 19:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Beta
    [2012/04/16 22:06:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/16 22:06:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/16 22:06:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/16 22:05:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/16 22:05:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/16 22:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/04/16 22:00:10 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012/04/15 20:32:10 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/04/10 18:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2012/04/10 18:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012/04/10 17:43:54 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2012/04/10 17:43:54 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2012/04/06 15:02:28 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\School Semester 6
    [12 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/01 12:40:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/01 12:38:26 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
    [2012/05/01 12:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/01 11:31:04 | 000,019,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/01 11:31:04 | 000,019,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/01 11:25:53 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/01 11:25:52 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2012/05/01 11:25:42 | 000,413,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/05/01 11:25:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/01 11:25:28 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/30 13:48:25 | 000,001,700 | ---- | M] () -- C:\Users\Josh\Desktop\Google Drive.lnk
    [2012/04/30 11:23:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/30 10:43:03 | 004,479,582 | R--- | M] (Swearware) -- C:\Users\Josh\Desktop\ComboFix.exe
    [2012/04/25 07:24:58 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/04/25 07:24:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/04/20 19:08:48 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
    [2012/04/18 23:20:58 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/16 02:22:53 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/04/10 19:03:33 | 000,000,743 | ---- | M] () -- C:\Windows\ATICIM.INI
    [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [12 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/05/01 11:25:32 | 000,413,000 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/04/30 13:48:25 | 000,001,700 | ---- | C] () -- C:\Users\Josh\Desktop\Google Drive.lnk
    [2012/04/30 13:30:06 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/30 13:30:04 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/25 07:24:58 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/04/25 07:24:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/04/20 19:07:03 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
    [2012/04/16 22:06:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/16 22:06:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/16 22:06:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/16 22:06:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/16 22:06:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/16 02:22:53 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/04/11 22:31:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/10 19:03:21 | 000,000,743 | ---- | C] () -- C:\Windows\ATICIM.INI
    [2012/03/27 01:01:55 | 000,000,112 | ---- | C] () -- C:\ProgramData\R4LNyYXq.dat
    [2012/03/01 06:41:05 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/03/02 05:44:33 | 000,004,954 | ---- | C] () -- C:\ProgramData\pubjtini.xmz
    [2010/12/28 00:10:30 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/09/02 01:21:22 | 000,000,190 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\default.rss
    [2010/07/06 19:27:33 | 000,000,092 | ---- | C] () -- C:\Users\Josh\AppData\Local\fusioncache.dat
    [2010/05/05 21:51:27 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
    [2010/05/05 18:36:45 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe

    ========== LOP Check ==========

    [2011/02/16 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\.bsnes
    [2011/07/09 02:52:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\.minecraft
    [2012/01/09 14:33:35 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Ashampoo
    [2012/04/30 22:48:47 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\BitTorrent
    [2011/05/28 22:03:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Command and Conquer 4
    [2010/02/11 03:57:57 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Command and Conquer 4 Beta
    [2011/11/15 13:29:31 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\DAEMON Tools Lite
    [2010/12/21 00:35:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Darkfall
    [2011/08/25 21:56:30 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Darkfall US
    [2012/03/03 13:27:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\DarknessIIDemo
    [2010/10/26 02:26:58 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\elefundesktops
    [2009/12/11 14:09:17 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FileZilla
    [2009/10/26 16:05:10 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Free-backup.info
    [2009/11/15 00:52:41 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FrostWire
    [2010/05/21 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FUEL Demo
    [2010/06/16 08:00:58 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\GetRightToGo
    [2011/03/09 10:07:01 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Hi-Rez Studios
    [2010/05/05 23:08:59 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ijjigame
    [2010/09/02 02:33:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ImgBurn
    [2012/01/09 15:22:59 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\InfraRecorder
    [2011/02/26 12:50:31 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Kalypso Media
    [2011/03/29 08:31:34 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\LolClient
    [2009/11/14 11:14:37 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    [2009/11/14 08:51:13 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Mount&Blade
    [2011/03/02 05:44:31 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Movavi
    [2010/11/09 20:07:31 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Need for Speed World
    [2010/10/26 06:33:29 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\NoteTab Light
    [2011/07/10 07:04:27 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\OpenCandy
    [2011/11/22 21:25:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Origin
    [2012/01/17 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\PFStaticIP
    [2010/11/27 03:49:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\runic games
    [2009/12/19 00:29:18 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Subversion
    [2011/11/24 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\supertuxkart
    [2010/01/06 22:10:03 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SystemRequirementsLab
    [2012/03/27 05:00:49 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TestApp
    [2011/12/08 14:32:41 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Trine2
    [2010/07/06 19:30:20 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Turbine
    [2010/11/23 00:37:43 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\W
    [2010/11/23 00:30:30 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Wargaming.Net
    [2010/05/21 19:49:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ZombieDriver
    [2012/04/23 23:32:00 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >

    As for the link regarding error 1067
    1. The setup mode is still active, you must return to setup mode and end the process through the shutdown link.

    How do I go about this what is the shutdown link?

    2. You have another application running on port 443. For Windows 2000 this will be IIS, for other Operating Systems you will need to find out what process is using the port. There are two solutions for this, change the port that SSL-Explorer forwards on, or to change the port/shutdown the application that is currently using port 443.

    What program can I use to see what ports are being used?

    edit
    I'm heading out will check back tomorrow.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I'm leaving the following OTL Fix for you to run- if it will run. There is so much running in this system! There are line and line of temp Python modules and dozens of other processes I don't even know why they are showing.
    You are working on a 64-bit Windows NTWorkstation. This is not a system that can be worked on effectively on this kind of board- there's too much output. You are going to either find-and pay for remote help-or take it to a shpt with a very experienced tech. The work needed exceeds what we do here:
    =======================================================
    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/myweb...n=77de5b10&psa=&st=sb&searchfor={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes,DefaultScope = {AD7B9ADE-16DB-439E-B078-B09A42A29E13}
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=12316
      IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/myweb...n=77de5b10&psa=&st=sb&searchfor={searchTerms}
      IE - HKCU\..\SearchScopes\{AD7B9ADE-16DB-439E-B078-B09A42A29E13}: "URL" = http://findgala.com/?&uid=5762&q={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;192.168.*.*;<local>????????†††??†††}:??????????????;<local>;<local>??????????????????????????????????????????????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
      [2012/01/09 15:01:02 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
      O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
      O16 - DPF: {03C0000A-CF6D-4EF4-A2D6-376622318018} http://67.128.8.65:12088/WatSearCtrl.cab (WebGuard Control)
      O18:64bit: - Protocol\Handler\belarc - No CLSID value found
      O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18 - Protocol\Handler\belarc - No CLSID value found
      [12 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  18. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    On post # 10 I stopped just before your instructions of,
    There is a proxy override setting from hell! We can handle that:
    perhaps that is why I still have so much output. I stopped because I could not get around the error. Noting this just in case.

    I'm flattered you refereed to my computer as a workstation and disappointed your help is nearing a end. How much do you think remote assistance or bringing my computer in will cost? I will consider reinstalling windows 7, I would like to back a few things up on my new HD but I am afraid it will become infected and don't want to install before I reinstall windows, thoughts? Also I think I would have a very hard time in finding a high level tech at a local computer shop am I wrong in this assumption? By the way I backed up important school work on google drive already.

    I will change my firefox proxy setting as you stated in post 10 before running this OTL fix as I am now convinced was not a chronological ordered step instruction.

    Ok that is done, note I did not run the post 10 custom script but I shall run the one in post 17 as I believe that is what you intend for me to do, lol I guess that is implied.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44f44034-6036-4f06-9336-74ec4620edab}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44f44034-6036-4f06-9336-74ec4620edab}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD7B9ADE-16DB-439E-B078-B09A42A29E13}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD7B9ADE-16DB-439E-B078-B09A42A29E13}\ not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\components folder moved successfully.
    C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin folder moved successfully.
    C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US folder moved successfully.
    C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale folder moved successfully.
    C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content folder moved successfully.
    C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome folder moved successfully.
    C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} folder moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Starting removal of ActiveX control {03C0000A-CF6D-4EF4-A2D6-376622318018}
    C:\Windows\Downloaded Program Files\WatSearCtrl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03C0000A-CF6D-4EF4-A2D6-376622318018}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C0000A-CF6D-4EF4-A2D6-376622318018}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03C0000A-CF6D-4EF4-A2D6-376622318018}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C0000A-CF6D-4EF4-A2D6-376622318018}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
    File Protocol\Handler\belarc - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
    File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ not found.
    File Protocol\Handler\belarc - No CLSID value found not found.
    C:\Windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
    C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP folder deleted successfully.
    C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP folder deleted successfully.
    C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP folder deleted successfully.
    C:\Windows\6833245EDD86479A882A8360D62C8194.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\6833245EDD86479A882A8360D62C8194.TMP folder deleted successfully.
    C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully.
    C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP folder deleted successfully.
    C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
    C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
    C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder deleted successfully.
    C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Josh\Desktop\cmd.bat deleted successfully.
    C:\Users\Josh\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes
    User: Josh
    ->Temp folder emptied: 24030759 bytes
    ->Temporary Internet Files folder emptied: 2352452 bytes
    ->Java cache emptied: 23253846 bytes
    ->FireFox cache emptied: 944711571 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 8800688 bytes
    User: OOG
    ->Temp folder emptied: 0 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 53632 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2098 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 12094297 bytes
    RecycleBin emptied: 3738113893 bytes
    Total Files Cleaned = 4,533.00 mb
    [EMPTYFLASH]
    User: All Users
    User: Default
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: DefaultAppPool
    ->Flash cache emptied: 0 bytes
    User: Josh
    ->Flash cache emptied: 0 bytes
    User: OOG
    User: Public
    User: UpdatusUser
    ->Flash cache emptied: 0 bytes
    Total Flash Files Cleaned = 0.00 mb
    [EMPTYJAVA]
    User: All Users
    User: Default
    User: Default User
    User: DefaultAppPool
    User: Josh
    ->Java cache emptied: 0 bytes
    User: OOG
    User: Public
    User: UpdatusUser
    Total Java Files Cleaned = 0.00 mb
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point
    OTL by OldTimer - Version 3.2.42.2 log created on 05022012_092521
    Files\Folders moved on Reboot...
    C:\Users\Josh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\temp\_avast_\unp140293926.tmp moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    Registry entries deleted on Reboot...
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please reboot the computer.

    Then update Combofix and run it again. From OTM: Total Files Cleaned = 4,533.00 mb This is a huge number of files!

    Let's see if this improved anything. The bad proxy override has been removed as were the current Alternate Data Streams.
    Please leave the new Combofix log.
  20. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    Alright but note I never did this as I was stalled by the error.
    Please run this Custom CFScript:


    Rebooted now rerunning combo fix. I am not running the custom fix I believe you are having me just run it again and hope it updates on its own this time. I over analyze I know.

    Looks like it updated fine, but still produced a monster log

    ComboFix 12-05-02.03 - Josh 05/02/2012 14:40:39.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2721 [GMT -7:00]
    Running from: c:\users\Josh\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Josh\AppData\Local\Temp\_MEI28962\_ctypes.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\_elementtree.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\_hashlib.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\_socket.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\_ssl.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\pyexpat.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\pysqlite2._sqlite.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\python26.dll
    c:\users\Josh\AppData\Local\Temp\_MEI28962\pythoncom26.dll
    c:\users\Josh\AppData\Local\Temp\_MEI28962\PyWinTypes26.dll
    c:\users\Josh\AppData\Local\Temp\_MEI28962\select.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\win32api.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\win32com.shell.shell.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\win32crypt.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\win32event.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\win32file.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\win32gui.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\win32inet.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\win32process.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wx._controls_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wx._core_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wx._gdi_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wx._html2.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wx._misc_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wx._windows_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wx._wizard.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wxbase293u_net_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wxbase293u_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wxmsw293u_adv_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wxmsw293u_core_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wxmsw293u_html_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI28962\wxmsw293u_webview_vc.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
    .
    .
    2024-11-03 12:06 . 2011-04-30 02:26 -------- d-----w- C:\DELL
    2012-05-02 22:20 . 2012-05-02 22:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-05-02 22:20 . 2012-05-02 22:20 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-05-02 22:20 . 2012-05-02 22:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-02 16:25 . 2012-05-02 16:25 -------- d-----w- C:\_OTL
    2012-04-30 20:48 . 2012-05-02 21:30 -------- d-s---w- c:\users\Josh\Google Drive
    2012-04-30 20:30 . 2012-04-30 20:47 -------- d-----w- c:\program files (x86)\Google
    2012-04-30 18:53 . 2012-04-30 18:53 -------- d-----w- c:\program files (x86)\ESET
    2012-04-25 15:24 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A7F9C7C-CE29-49D2-90EC-246628445AA5}\mpengine.dll
    2012-04-25 14:24 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-04-25 14:24 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-04-25 14:24 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-04-25 14:24 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-04-25 14:24 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-04-25 14:24 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-04-25 14:24 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-04-25 14:23 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-04-25 14:23 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-04-25 14:23 . 2012-04-25 14:23 -------- d-----w- c:\programdata\AVAST Software
    2012-04-25 14:23 . 2012-04-25 14:23 -------- d-----w- c:\program files\AVAST Software
    2012-04-21 06:56 . 2012-04-21 06:56 -------- d-----w- c:\programdata\Battle.net
    2012-04-21 02:07 . 2012-04-21 08:40 -------- d-----w- c:\program files (x86)\Diablo III Beta
    2012-04-17 05:00 . 2012-04-17 05:00 388096 ----a-r- c:\users\Josh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-04-17 05:00 . 2012-04-17 05:00 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-04-16 03:32 . 2012-04-16 03:32 -------- d-----w- c:\windows\CheckSur
    2012-04-12 05:31 . 2012-04-12 05:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-11 01:53 . 2012-04-11 01:53 -------- d-----w- c:\program files (x86)\ATI Technologies
    2012-04-11 01:51 . 2009-07-30 07:31 77824 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
    2012-04-11 01:51 . 2009-07-30 07:31 32768 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
    2012-04-11 01:51 . 2009-07-30 07:31 221184 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
    2012-04-11 01:51 . 2009-07-30 07:31 221184 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
    2012-04-11 01:51 . 2009-07-30 07:31 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
    2012-04-11 01:50 . 2009-07-29 16:31 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-12 05:31 . 2011-07-10 14:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-04 22:56 . 2009-10-24 20:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-02 03:17 . 2010-02-14 21:38 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-03-02 03:15 . 2010-02-14 21:34 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-03-02 03:15 . 2010-02-14 21:34 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-03-01 13:41 . 2010-02-14 21:34 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-03-01 01:23 . 2012-03-01 01:23 249856 ------w- c:\windows\Setup1.exe
    2012-03-01 01:23 . 2012-03-01 01:23 73216 ----a-w- c:\windows\ST6UNST.EXE
    2012-03-01 00:02 . 2009-09-28 06:12 2660160 ----a-w- c:\windows\system32\nvapi64.dll
    2012-02-29 21:00 . 2011-01-08 03:49 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-02-29 21:00 . 2011-01-08 03:49 6074176 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-29 20:59 . 2011-01-08 03:48 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-29 20:59 . 2011-01-08 03:48 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-29 20:59 . 2009-09-28 01:22 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-29 20:26 . 2012-02-29 20:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-02-24 17:36 . 2012-03-27 12:01 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-02-23 17:18 . 2009-10-24 19:00 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    Cryptography Services Error !!
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-04-30_18.23.03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-04-30 17:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-05-02 22:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-04-30 17:21 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-02 22:33 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-02 22:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-30 17:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-24 19:15 . 2012-05-02 21:32 48194 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-05-02 22:35 26326 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-10-24 18:46 . 2012-05-02 22:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-24 18:46 . 2012-04-24 15:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-05-02 22:15 . 2012-05-02 22:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-24 15:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-02 22:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-04-30 20:30 . 2012-04-30 20:30 25600 c:\windows\Installer\ae5f84.msi
    + 2009-10-24 19:08 . 2012-05-02 22:35 7382 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1737896416-2570679988-651388281-1000_UserData.bin
    + 2012-05-02 22:33 . 2012-05-02 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-30 17:09 . 2012-04-30 17:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-05-02 22:33 . 2012-05-02 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-30 17:09 . 2012-04-30 17:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-05-01 18:25 . 2012-05-01 18:25 413000 c:\windows\system32\FNTCACHE.DAT
    - 2012-04-24 15:24 . 2012-04-24 15:24 413000 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-14 05:01 . 2012-05-02 22:32 395216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-04-30 05:54 395216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-06-02 11:27 . 2012-05-01 23:48 7336828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737896416-2570679988-651388281-1000-12288.dat
    - 2010-06-02 11:27 . 2012-04-24 22:35 7336828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737896416-2570679988-651388281-1000-12288.dat
    + 2010-05-03 11:35 . 2012-05-02 22:32 25433584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737896416-2570679988-651388281-1000-8192.dat
    + 2012-04-30 20:47 . 2012-04-30 20:47 12035584 c:\windows\Installer\ae5f89.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Josh\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-04-26 11397448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648]
    R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-29 36864]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 253600]
    R3 ATICDSDr;ATICDSDr;c:\users\Josh\AppData\Local\Temp\ATICDSDr.sys [x]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
    R3 cpuz130;cpuz130;c:\users\Josh\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\MetalAssault\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [x]
    R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
    R3 X6va005;X6va005;c:\users\Josh\AppData\Local\Temp\005CF5F.tmp [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 370024]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 ALSysIO;ALSysIO;c:\users\Josh\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:31]
    .
    2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 20:30]
    .
    2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 20:30]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-04-26 19:22 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-04-26 19:22 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-04-26 19:22 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-04-26 19:22 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 192.168.3.1
    FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\8uduiojm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z179&form=ZGAADF&install_date=20111104&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: signed.applets.codebase_principal_support - true
    /* To avoid the user interaction, add the following lines: */
    FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/
    /* GLDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/
    /* BGFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/
    /* BILD */
    FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/
    /* BTUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/
    /* CLIC */
    FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/
    /* COUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WCOUK.id - hxxp://www.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSCOUK.id - hxxps://www.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/
    /* MEDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMEDE.id - hxxps://www.metaboli.de/
    /* CUUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/
    /* EUUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/
    /* FUNR */
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/
    /* GONE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/
    /* GUDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/
    /* META */
    FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_METAINT2.id - hxxp://www.preprod.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETAINT2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMETAINT2.id - hxxp://www.preprod.metaboli.fr/
    /* MNDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/
    /* MNFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/
    /* MNUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/
    /* NCNU */
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/
    /* QPUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/
    /* SFFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/
    /* SPDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/
    /* WOJ_ */
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_INT.id - hxxps://woj-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PP.id - hxxp://woj-pp.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PP.id - hxxps://woj-pp.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_PPINT.id - hxxp://woj-int.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_PPINT.id - hxxps://woj-int.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_2.id - hxxp://preprod-god.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_2.id - hxxps://preprod-god.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_3.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_3.id - hxxp://prod.jeu.orange.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_3.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_3.id - hxxps://prod.jeu.orange.fr/
    user_pref(capability.principal.codebase.YummyPlayer_XX0001.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0001.id,hxxp://www.neufgame.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0002.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0002.id,hxxps://www.neufgame.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0003.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0003.id,hxxp://neufgame.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0004.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0004.id,hxxp://ad.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0005.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0005.id,hxxps://ad.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0006.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0006.id,hxxp://ads.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0007.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0007.id,hxxps://ads.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0008.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0008.id,hxxp://ads.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0009.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0009.id,hxxps://ads.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0010.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0010.id,hxxp://ads.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0011.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0011.id,hxxps://ads.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0012.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0012.id,hxxp://ag.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0013.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0013.id,hxxps://ag.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0014.granted,UniversalXPConnect);
  21. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    user_pref(capability.principal.codebase.YummyPlayer_XX0014.id,hxxp://alice.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0015.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0015.id,hxxps://alice.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0016.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0016.id,hxxp://allocine.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0017.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0017.id,hxxps://allocine.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0018.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0018.id,hxxp://am.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0019.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0019.id,hxxps://am.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0020.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0020.id,hxxp://aol.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0021.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0021.id,hxxps://aol.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0022.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0022.id,hxxp://bc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0023.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0023.id,hxxps://bc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0024.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0024.id,hxxp://linternaute.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0025.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0025.id,hxxps://linternaute.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0026.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0026.id,hxxp://bild.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0027.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0027.id,hxxps://bild.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0028.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0028.id,hxxp://btvision.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0029.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0029.id,hxxps://btvision.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0030.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0030.id,hxxp://www.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0031.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0031.id,hxxp://cg.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0032.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0032.id,hxxps://cg.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0033.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0033.id,hxxp://cibleclick.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0034.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0034.id,hxxps://cibleclick.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0035.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0035.id,hxxp://cegetel.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0036.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0036.id,hxxps://cegetel.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0037.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0037.id,hxxp://choc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0038.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0038.id,hxxps://choc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0039.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0039.id,hxxp://cj.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0040.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0040.id,hxxps://cj.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0041.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0041.id,hxxp://cj.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0042.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0042.id,hxxps://cj.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0043.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0043.id,hxxp://cj.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0044.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0044.id,hxxps://cj.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0045.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0045.id,hxxp://cj.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0046.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0046.id,hxxps://cj.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0047.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0047.id,hxxp://metaboli.clubic.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0048.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0048.id,hxxps://metaboli.clubic.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0049.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0049.id,hxxp://metaboli.club-internet.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0050.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0050.id,hxxps://metaboli.club-internet.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0051.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0051.id,hxxp://coeur.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0052.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0052.id,hxxps://coeur.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0053.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0053.id,hxxp://come.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0054.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0054.id,hxxps://come.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0055.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0055.id,hxxp://lesaccros2.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0056.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0056.id,hxxps://lesaccros2.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0057.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0057.id,hxxp://surcouf.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0058.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0058.id,hxxps://surcouf.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0059.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0059.id,hxxp://www.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0060.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0060.id,hxxps://www.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0061.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0061.id,hxxp://cs.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0062.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0062.id,hxxps://cs.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0063.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0063.id,hxxp://custompc.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0064.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0064.id,hxxps://custompc.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0065.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0065.id,hxxp://cvg.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0066.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0066.id,hxxps://cvg.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0067.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0067.id,hxxp://daooda.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0068.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0068.id,hxxps://daooda.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0069.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0069.id,hxxp://daooda.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0070.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0070.id,hxxps://daooda.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0071.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0071.id,hxxp://daooda.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0072.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0072.id,hxxps://daooda.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0073.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0073.id,hxxp://digitaldownload.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0074.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0074.id,hxxps://digitaldownload.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0075.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0075.id,hxxp://eurogamer.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0076.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0076.id,hxxps://eurogamer.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0077.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0077.id,hxxp://eurogamer.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0078.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0078.id,hxxps://eurogamer.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0079.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0079.id,hxxp://exagame.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0080.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0080.id,hxxps://exagame.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0081.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0081.id,hxxp://fb.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0082.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0082.id,hxxps://fb.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0083.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0083.id,hxxp://fb.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0084.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0084.id,hxxps://fb.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0085.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0085.id,hxxp://fb.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0086.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0086.id,hxxps://fb.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0087.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0087.id,hxxp://firstcoffee.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0088.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0088.id,hxxps://firstcoffee.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0089.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0089.id,hxxp://fnac.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0090.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0090.id,hxxps://fnac.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0091.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0091.id,hxxp://fox.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0092.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0092.id,hxxps://fox.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0093.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0093.id,hxxp://fox.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0094.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0094.id,hxxps://fox.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0095.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0095.id,hxxp://fox.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0096.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0096.id,hxxps://fox.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0097.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0097.id,hxxp://free.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0098.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0098.id,hxxps://free.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0099.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0099.id,hxxp://funsta.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0100.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0100.id,hxxps://funsta.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0101.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0101.id,hxxp://funsta.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0102.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0102.id,hxxps://funsta.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0103.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0103.id,hxxp://metaboli.funradio.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0104.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0104.id,hxxps://metaboli.funradio.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0105.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0105.id,hxxp://fastweb.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0106.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0106.id,hxxps://fastweb.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0107.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0107.id,hxxp://god1.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0108.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0108.id,hxxps://god1.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0109.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0109.id,hxxp://god2.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0110.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0110.id,hxxps://god2.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0111.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0111.id,hxxp://god3.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0112.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0112.id,hxxps://god3.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0113.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0113.id,hxxp://gamona.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0114.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0114.id,hxxps://gamona.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0115.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0115.id,hxxp://giga.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0116.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0116.id,hxxps://giga.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0117.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0117.id,hxxp://gameseek.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0118.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0118.id,hxxps://gameseek.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0119.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0119.id,hxxp://www.gamesflatrate.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0120.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0120.id,hxxps://www.gamesflatrate.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0121.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0121.id,hxxp://games24.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0122.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0122.id,hxxps://games24.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0123.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0123.id,hxxp://ondemand.game.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0124.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0124.id,hxxps://ondemand.game.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0125.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0125.id,hxxp://google.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0126.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0126.id,hxxps://google.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0127.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0127.id,hxxp://google.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0128.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0128.id,hxxps://google.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0129.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0129.id,hxxp://gameone.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0130.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0130.id,hxxps://gameone.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0131.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0131.id,hxxp://google.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0132.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0132.id,hxxps://google.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0133.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0133.id,hxxp://goog.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0134.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0134.id,hxxps://goog.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0135.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0135.id,hxxp://google.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0136.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0136.id,hxxps://google.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0137.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0137.id,hxxp://gameplay.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0138.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0138.id,hxxps://gameplay.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0139.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0139.id,hxxp://gamesonradar.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0140.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0140.id,hxxps://gamesonradar.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0141.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0141.id,hxxp://gameshadow.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0142.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0142.id,hxxps://gameshadow.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0143.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0143.id,hxxp://gametap.metaboli.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0144.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0144.id,hxxps://gametap.metaboli.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0145.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0145.id,hxxp://gametap2.metaboli.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0146.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0146.id,hxxps://gametap2.metaboli.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0147.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0147.id,hxxp://gamespot.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0148.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0148.id,hxxps://gamespot.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0149.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0149.id,hxxp://gamerunlimited.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0150.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0150.id,hxxps://gamerunlimited.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0151.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0151.id,hxxp://guts.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0152.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0152.id,hxxps://guts.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0153.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0153.id,hxxp://gameswelt.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0154.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0154.id,hxxps://gameswelt.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0155.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0155.id,hxxp://gmx.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0156.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0156.id,hxxps://gmx.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0157.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0157.id,hxxp://hoaxbuster.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0158.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0158.id,hxxps://hoaxbuster.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0159.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0159.id,hxxp://incgamers.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0160.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0160.id,hxxps://incgamers.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0161.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0161.id,hxxp://imbogames.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0162.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0162.id,hxxps://imbogames.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0163.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0163.id,hxxp://ja.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0164.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0164.id,hxxps://ja.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0165.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0165.id,hxxp://janews.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0166.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0166.id,hxxps://janews.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0167.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0167.id,hxxp://jvfr.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0168.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0168.id,hxxps://jvfr.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0169.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0169.id,hxxp://jeux-pc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0170.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0170.id,hxxps://jeux-pc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0171.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0171.id,hxxp://kelkoo.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0172.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0172.id,hxxps://kelkoo.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0173.granted,UniversalXPConnect);
  22. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    user_pref(capability.principal.codebase.YummyPlayer_XX0340.id,hxxp://sg.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0341.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0341.id,hxxps://sg.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0342.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0342.id,hxxp://sg.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0343.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0343.id,hxxps://sg.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0344.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0344.id,hxxp://sg.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0345.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0345.id,hxxps://sg.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0346.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0346.id,hxxp://shopping.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0347.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0347.id,hxxps://shopping.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0348.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0348.id,hxxp://shopping.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0349.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0349.id,hxxps://shopping.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0350.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0350.id,hxxp://shoot.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0351.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0351.id,hxxps://shoot.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0352.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0352.id,hxxp://shopping.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0353.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0353.id,hxxps://shopping.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0354.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0354.id,hxxp://spieletipps.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0355.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0355.id,hxxps://spieletipps.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0356.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0356.id,hxxp://sqoops.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0357.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0357.id,hxxps://sqoops.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0358.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0358.id,hxxp://tiscali.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0359.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0359.id,hxxps://tiscali.metaboli.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0360.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0360.id,hxxp://tradedoubler.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0361.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0361.id,hxxps://tradedoubler.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0362.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0362.id,hxxp://metaboli.tele2internet.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0363.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0363.id,hxxps://metaboli.tele2internet.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0364.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0364.id,hxxp://www.metaboli.fr:8889);
    user_pref(capability.principal.codebase.YummyPlayer_XX0365.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0365.id,hxxps://www.metaboli.fr:8889);
    user_pref(capability.principal.codebase.YummyPlayer_XX0366.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0366.id,hxxp://telecharger.tomsgames.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0367.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0367.id,hxxps://telecharger.tomsgames.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0368.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0368.id,hxxp://to-record.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0369.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0369.id,hxxps://to-record.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0370.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0370.id,hxxp://turbo.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0371.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0371.id,hxxps://turbo.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0372.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0372.id,hxxp://twenga.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0373.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0373.id,hxxps://twenga.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0374.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0374.id,hxxp://vc.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0375.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0375.id,hxxps://vc.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0376.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0376.id,hxxp://vc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0377.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0377.id,hxxps://vc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0378.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0378.id,hxxp://vc.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0379.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0379.id,hxxps://vc.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0380.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0380.id,hxxp://videogamer.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0381.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0381.id,hxxps://videogamer.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0382.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0382.id,hxxp://jeuxvideopc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0383.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0383.id,hxxps://jeuxvideopc.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0384.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0384.id,hxxp://virginmega.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0385.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0385.id,hxxps://virginmega.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0386.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0386.id,hxxp://virginmedia.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0387.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0387.id,hxxps://virginmedia.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0388.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0388.id,hxxp://metaboli.goa.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0389.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0389.id,hxxps://metaboli.goa.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0390.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0390.id,hxxp://webde.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0391.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0391.id,hxxps://webde.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0392.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0392.id,hxxp://metaboli.libero.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0393.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0393.id,hxxps://metaboli.libero.it);
    user_pref(capability.principal.codebase.YummyPlayer_XX0394.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0394.id,hxxp://metaboli.goa.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0395.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0395.id,hxxps://metaboli.goa.com);
    user_pref(capability.principal.codebase.YummyPlayer_XX0396.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0396.id,hxxp://jeuxvideo.orange.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0397.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0397.id,hxxps://jeuxvideo.orange.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0398.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0398.id,hxxp://yahoo.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0399.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0399.id,hxxps://yahoo.metaboli.de);
    user_pref(capability.principal.codebase.YummyPlayer_XX0400.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0400.id,hxxp://yahoo.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0401.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0401.id,hxxps://yahoo.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0402.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0402.id,hxxp://yahoo.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0403.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0403.id,hxxps://yahoo.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0404.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0404.id,hxxp://yahooclic.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0405.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0405.id,hxxps://yahooclic.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0406.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0406.id,hxxp://zanox.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0407.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0407.id,hxxps://zanox.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0408.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0408.id,hxxp://zavvi.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0409.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0409.id,hxxps://zavvi.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0410.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0410.id,hxxp://go.metaboli.fr);
    user_pref(capability.principal.codebase.YummyPlayer_XX0411.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0411.id,hxxps://go.metaboli.fr);
    /* added 17-03-09 */
    user_pref(capability.principal.codebase.YummyPlayer_XX0412.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0412.id,hxxp://cnet.metaboli.co.uk);
    user_pref(capability.principal.codebase.YummyPlayer_XX0413.granted,UniversalXPConnect);
    user_pref(capability.principal.codebase.YummyPlayer_XX0413.id,hxxps://cnet.metaboli.co.uk);
    /* GWDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GWDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GWDE.id - hxxp://gwde.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_GWDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GWDEINT.id - hxxp://gwde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGWDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGWDE.id - hxxps://gwde.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGWDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGWDEINT.id - hxxps://gwde.int.metaboli.fr/
    /* GMUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_GMUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GMUK.id - hxxp://game.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_GMUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GMUKINT.id - hxxp://gmuk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMUK.id - hxxps://game.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMUKINT.id - hxxps://gmuk.int.metaboli.fr/
    /* CNET */
    FF - user.js: capability.principal.codebase.YummyPlayer_CNET.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CNET.id - hxxp://cnet.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_CNETINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CNETINT.id - hxxp://cnet.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCNET.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCNET.id - hxxps://cnet.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCNETINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCNETINT.id - hxxps://cnet.int.metaboli.fr/
    /* IGUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUK.id - hxxp://iguk.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUKINT.id - hxxp://iguk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK.id - hxxps://iguk.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUKINT.id - hxxps://iguk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUK2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_IGUK2.id - hxxp://Incgamers.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SIGUK2.id - hxxps://Incgamers.metaboli.co.uk/
    /* SKFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR.id - hxxp://skfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFRINT.id - hxxp://skfr.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR.id - hxxps://skfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFRINT.id - hxxps://skfr.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR2.id - hxxp://Skyrock.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR2.id - hxxps://Skyrock.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR3.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SKFR3.id - hxxp://ondemand.premium.games.skyrock.net/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR3.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSKFR3.id - hxxps://ondemand.premium.games.skyrock.net/
    FF - user.js: capability.principal.codebase.YummyPlayer_FREEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_FREEINT.id - hxxp://free-int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SFREEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SFREEINT.id - hxxps://free-int.metaboli.fr/
    /* GNUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_GNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GNUK.id - hxxp://gamestation.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGNUK.id - hxxps://gamestation.metaboli.co.uk/
    /* NEW MSN UK DE */
    FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNUK.id - hxxp://playnow.tech.uk.msn.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNUK.id - hxxps://playnow.tech.uk.msn.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_NEWMNDE.id - hxxp://pc-spiele-flatrate.msn.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SNEWMNDE.id - hxxps://pc-spiele-flatrate.msn.de/
    /* VMUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_VMUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_VMUK.id - hxxp://virginmedia.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SVMUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SVMUK.id - hxxps://virginmedia.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_VMUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_VMUKINT.id - hxxp://vmuk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SVMUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SVMUKINT.id - hxxps://vmuk.int.metaboli.fr/
    /* WDDE (web de) INT */
    FF - user.js: capability.principal.codebase.YummyPlayer_WDDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_WDDEINT.id - hxxp://wdde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SWDDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SWDDEINT.id - hxxps://wdde.int.metaboli.fr/
    /* ORUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_ORUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_ORUK.id - hxxp://orange.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SORUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SORUK.id - hxxps://orange.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_ORUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_ORUKINT.id - hxxp://oruk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SORUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SORUKINT.id - hxxps://oruk.int.metaboli.fr/
    /* MEDI int */
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDIINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MEDIINT.id - hxxp://medi.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDIINT.granted - UniversalXPConnect
  23. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    FF - user.js: capability.principal.codebase.YummyPlayer_SMEDIINT.id - hxxps://medi.int.metaboli.fr/
    /* SAT1 */
    FF - user.js: capability.principal.codebase.YummyPlayer_SAT1.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SAT1.id - hxxp://spieleflatrate.sat1.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1.id - hxxps://spieleflatrate.sat1.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SAT1INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SAT1INT.id - hxxp://sat1.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1INT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSAT1INT.id - hxxps://sat1.int.metaboli.fr/
    /* OWDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_OWDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OWDE.id - hxxp://onlinewelten.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOWDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOWDE.id - hxxps://onlinewelten.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_OWDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OWDEINT.id - hxxp://owde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOWDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOWDEINT.id - hxxps://owde.int.metaboli.fr/
    /* GRAD INT */
    FF - user.js: capability.principal.codebase.YummyPlayer_GRADINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GRADINT.id - hxxp://grad.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGRADINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGRADINT.id - hxxps://grad.int.metaboli.fr/
    /* RTLN */
    FF - user.js: capability.principal.codebase.YummyPlayer_RTLN.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_RTLN.id - hxxp://rtl.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SRTLN.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SRTLN.id - hxxps://rtl.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_RTLNINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_RTLNINT.id - hxxp://rtln.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SRTLNINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SRTLNINT.id - hxxps://rtln.int.metaboli.fr/
    /* MNIT */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNIT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNIT.id - hxxp://pcgames.msn.it/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNIT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNIT.id - hxxps://pcgames.msn.it/
    FF - user.js: capability.principal.codebase.YummyPlayer_MNITINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNITINT.id - hxxp://mnit.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNITINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNITINT.id - hxxps://mnit.int.metaboli.fr/
    /* CUUK */
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://atheneum.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://atheneum.metaboli.co.uk/
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUKINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCUUKINT.id - hxxps://cuuk.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_CCUK2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_CCUK2.id - hxxp://atheneum.uk.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_SCCUK2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCCUK2.id - hxxps://atheneum.uk.com/
    /* SCDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_SCDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SCDE.id - hxxp://schueler.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SSCDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SSCDE.id - hxxps://schueler.metaboli.de/
    /* MNSE */
    FF - user.js: capability.principal.codebase.YummyPlayer_MNSE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_MNSE.id - hxxp://spela.pcspel.msn.se/
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNSE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SMNSE.id - hxxps://spela.pcspel.msn.se/
    /* GMSE */
    FF - user.js: capability.principal.codebase.YummyPlayer_GMSE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GMSE.id - hxxp://game.metaboli.se/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMSE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGMSE.id - hxxps://game.metaboli.se/
    /* OHFR */
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFR.id - hxxp://jeuxpc.orange.ch/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFR.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFR.id - hxxps://jeuxpc.orange.ch/
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFRINT.id - hxxp://ohfr.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFRINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFRINT.id - hxxps://ohfr.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFR2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHFR2.id - hxxp://ohfr.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFR2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHFR2.id - hxxps://ohfr.metaboli.fr/
    /* OHDE */
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDE.id - hxxp://pcspiele.orange.ch/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDE.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDE.id - hxxps://pcspiele.orange.ch/
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDEINT.id - hxxp://ohde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDEINT.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDEINT.id - hxxps://ohde.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDE2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_OHDE2.id - hxxp://ohde.metaboli.de/
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDE2.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SOHDE2.id - hxxps://ohde.metaboli.de/
    /* GAMETAP */
    FF - user.js: capability.principal.codebase.YummyPlayer_GTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_GTUS.id - hxxp://www.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_SGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SGTUS.id - hxxps://www.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_IGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_IGTUS.id - hxxp://integ.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_ISGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_ISGTUS.id - hxxps://integ.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_IIGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_IIGTUS.id - hxxp://gtus.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_IISGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_IISGTUS.id - hxxps://gtus.int.metaboli.fr/
    FF - user.js: capability.principal.codebase.YummyPlayer_PPGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_PPGTUS.id - hxxp://preprod.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_PPSGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_PPSGTUS.id - hxxps://preprod.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_PPPSGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_PPPSGTUS.id - hxxp://unlimited-preprod.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_SPPPSGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SPPPSGTUS.id - hxxps://unlimited-preprod.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_PPPSGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_PPPSGTUS.id - hxxp://retro-preprod.gametap.com/
    FF - user.js: capability.principal.codebase.YummyPlayer_SPPPSGTUS.granted - UniversalXPConnect
    FF - user.js: capability.principal.codebase.YummyPlayer_SPPPSGTUS.id - hxxps://retro-preprod.gametap.com/
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Josh\AppData\Local\Temp\005CF5F.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1737896416-2570679988-651388281-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a6,3c,20,65,84,74,d3,b2,5e,76,6d,7d,31,4e,a7,35,63,18,5a,ca,66,
    93,99,d8,1b,fd,f5,df,b8,88,83,7a,2c,7d,93,a4,8b,f7,b1,9a,9a,05,b8,22,ab,94,\
    "rkeysecu"=hex:fe,99,c2,8a,da,a7,f4,1d,e1,87,b2,09,ea,48,1d,fc
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-02 15:41:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-02 22:41
    ComboFix2.txt 2012-04-30 18:25
    .
    Pre-Run: 72,742,088,704 bytes free
    Post-Run: 73,045,172,224 bytes free
    .
    - - End Of File - - 14611E085711992943A2FF348C03A3E2

    I am not sure what yummy player is but I dont like it
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I found one other post with same entries from Oct. 2011: http://forums.malwarebytes.org/index.php?showtopic=98789

    So I did a Yummy Player search. It's a game and I'd like you to check this: http://support.mozilla.org/en-US/questions/837925

    It seems to me that if you have this game you'd know it or know you installed it. Check the reference site as there is a compatibility problem. It might be as simply as removing the plug in or extension from Firefox.

    THIS is the section that I don't understand. It's coded into your Firefox. It is not normal entry! We getting better. Combofix removed some of the temp Python processes. Did I ask you about Python? I mean to. There is a whole block of Modules for temp Python entries.
  25. treetops

    treetops TechSpot Evangelist Topic Starter Posts: 1,570   +41

    Ah to bad they didn't respond to the helper in that first link. Oh yeah I believe its associated with gametap, however I haven't used that in some time(years?) and as far as I can tell its uninstalled. I did not see it in addons plugins or extensions, but I see gametap there with only the enable option I did a search on how to root them out with no luck. I do not want yummy player or game tap at all if you know of a way to get them out I'd do it in a heart beat. I would rather uninstall it but I will settle for making it run properly I suppose.

    I really have no clue what Python is. I would not mind completely wiping firefox, it seems to be in a pretty sorry state. I have only changed a few things in its settings throughout the 3 years iv had this rig, mainly to increase security or block ads. For example adbrite was blasting me with underlined ads, I googled how to get rid of it and followed some instructions. That was a while ago I do not remember what the instructions were. I have only done minor tampering and it sounds like my firefox is doing some major stuff. I don't even know what a block of modules is, I assume its some sort of custom command or exception list in FF?

    I just looked at FF on my uninstall list and see there are 2! I am kinda hoping this is not normal so we know this is the problem.

    FF 12.0
    FF 4.0.1

    Logically I want to uninstall 4.0.1 right now but I will await your instruction.

    Edit I just uninstalled gamers first maybe that will help might be associated with yummy.

    EDIT2 couldn't wait uninstalled the old FF and it took both off, installed FF again looked on the uninstall list and 4.0.1 is gone.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.