
Rootkit detected by AVG, need help removing [Solved]


  • This topic is locked

#1
reverb360

Hey there folks. Last night during AVG's daily scan it detected 7 possible rootkit files on my system. I opted to remove all uninfected files, AVG asked for a system reboot, I complied and then went out for the night. I woke up this morning and ran another scan, only to find that the infected files were still present. I once again tried to remove the infected files and restarted the system. Upon another scan, the files were still there. I downloaded Malwarebytes and ran a full system scan, but it was unable to detect anything malicious.

I have observed that the infected files all appear in the C:/Windows/system32/drivers folder under various names. I have personally observed spjk.sys, spya.sys and spox.sys all being separately marked as being infected. It appears that every time I attempt to delete the files or when I restart my system, the affected .sys file changes.

I have not noticed my system acting in any way out of the ordinary, aside from the rootkit warning from AVG.

My knowledge in the virus-busting area is limited, so I'd appreciate any help I could receive. Thanks in advance.

I have included the text of my OTL.txt, Extras.txt and aswMBR.txt files.

OTL.TXT


OTL logfile created on: 6/17/2012 11:59:33 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Adam\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 46.94% Memory free
11.98 Gb Paging File | 8.19 Gb Available in Paging File | 68.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 21.74 Gb Free Space | 18.25% Space Free | Partition Type: NTFS
Drive E: | 882.61 Gb Total Space | 556.03 Gb Free Space | 63.00% Space Free | Partition Type: NTFS
Drive H: | 914.51 Gb Total Space | 333.44 Gb Free Space | 36.46% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 364.67 Gb Free Space | 39.15% Space Free | Partition Type: NTFS
Drive M: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: DEUCE | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/17 11:58:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
PRC - [2012/05/21 08:19:15 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/05/03 23:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/05/03 23:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/05/02 10:32:04 | 000,559,536 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/21 15:02:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/06 11:47:32 | 001,711,616 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\corsair\K90 Keyboard\K90Hid.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/14 19:59:52 | 000,199,680 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\corsair\K90 Keyboard\CorsTra.exe
PRC - [2011/10/06 22:54:02 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011/08/01 21:56:47 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/30 17:59:56 | 000,957,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe
PRC - [2010/04/01 03:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/12/09 22:12:50 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
PRC - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
PRC - [2008/08/15 15:47:04 | 001,679,360 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\DWA-130\AirNCFG.exe
PRC - [2008/07/09 08:58:42 | 000,143,360 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 11:05:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 11:05:29 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 07:59:01 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/14 07:58:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/14 07:58:46 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/06/14 07:58:40 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/06/14 07:58:39 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/06/07 02:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 02:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 02:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 02:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 02:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 02:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 02:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 01:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/21 08:19:15 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/05/21 08:19:15 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/05/21 08:19:15 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/05/21 08:19:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/05/21 08:19:15 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/05/12 16:24:22 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/05/12 16:22:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 16:19:19 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/05/10 12:17:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 12:17:39 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/10 11:52:44 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 11:50:24 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/05/10 11:50:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/05/10 11:50:19 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/05/10 11:50:17 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/05/10 11:50:13 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/05/06 11:41:12 | 000,115,137 | ---- | M] () -- C:\Users\Adam\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
MOD - [2012/05/03 23:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/31 15:17:15 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/07/19 21:33:25 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll
MOD - [2009/10/19 16:50:28 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\corsair\K90 Keyboard\hidGetKey.dll
MOD - [2008/07/10 11:50:34 | 000,262,144 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 20:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/12 20:44:18 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/12 15:03:27 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/21 08:19:15 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/21 15:02:25 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/26 16:29:22 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2008/07/09 08:58:42 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/05 23:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 19:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 03:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/02/24 03:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/02/23 06:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/06/21 10:38:24 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CORSGKB.sys -- (CORSGKB)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/01 20:33:51 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/01 20:33:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/16 09:23:14 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/04 16:12:04 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2010/10/21 15:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/30 03:43:38 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/07/07 18:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/05/25 00:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/18 21:54:19 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/06 03:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/11 02:54:46 | 000,676,864 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/09/15 12:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2008/09/04 16:37:46 | 000,484,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192u.sys -- (RTL8192U)
DRV:64bit: - [2007/07/23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/01/20 22:43:51 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/05/25 00:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 86 FB 32 11 0E CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.gamefaqs.com"
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 11:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 09:27:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/12 15:03:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 11:14:02 | 000,000,000 | ---D | M]

[2010/04/26 23:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2012/06/16 21:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions
[2010/04/26 23:35:34 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/11/13 02:33:58 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2012/05/17 13:19:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/05/21 19:29:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/13 02:33:55 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\[email protected]
[2010/04/26 23:34:44 | 000,000,000 | ---D | M] (Virtus Ask Search Plugin) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\[email protected]
[2012/06/16 21:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\staged
[2010/11/13 02:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\[email protected]\chrome
[2010/11/13 02:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2012/06/12 15:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/29 11:20:36 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012/01/07 02:56:48 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5WB1J8O9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/26 02:19:02 | 000,117,195 | ---- | M] () (No name found) -- C:\USERS\ADAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5WB1J8O9.DEFAULT\EXTENSIONS\[email protected]
[2012/06/12 15:03:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/27 00:30:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/12 15:03:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/12 15:03:26 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.74_0\
CHR - Extension: WOT = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: AT_JamesWhite = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3\
CHR - Extension: YouTube = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\1.2.1_0\
CHR - Extension: Google Search = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
CHR - Extension: uTorrent for Google Chrome = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjhaafelbmbpohgmabippkndaaikgdih\2.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.13_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\3.4_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
CHR - Extension: goo.gl URL Shortener Lite = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnkfmkiefebamlmijhohmjaajilnlen\0.7.1_0\
CHR - Extension: Imgur the world = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\naicjelodgogagjjkgepdkjecopegkag\2.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Hover Zoom = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.4_0\
CHR - Extension: Gmail = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/09/06 17:12:33 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corsair laver] C:\Program Files (x86)\corsair\K90 Keyboard\K90Hid.exe (Corsair Components Inc)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files (x86)\D-Link\DWA-130\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyrid...pplets/sync.cab (SyncXfer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88A9D106-A08E-4B6E-97F3-BB7069D54AA8}: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA20B781-885E-49FB-8251-61613395D4E6}: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E542D66E-BA2D-4322-A450-932485A3F878}: DhcpNameServer = 172.16.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 11:59:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2012/06/17 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes
[2012/06/17 11:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/17 11:24:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/17 11:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/13 16:34:48 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Macromedia
[2012/06/12 15:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/12 15:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/11 14:06:52 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Corsair Vengeance
[2012/06/11 14:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair
[2012/06/11 14:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\corsair
[2012/06/09 11:09:43 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\GSC
[2012/06/09 11:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GSC 2.00
[2012/06/08 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Darksiders
[2012/06/08 12:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/06/08 12:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012/05/29 11:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/28 13:27:51 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\MPlayer
[2012/05/28 13:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/05/28 13:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012/05/28 13:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 12:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 11:58:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2012/06/17 11:56:25 | 000,002,748 | ---- | M] () -- C:\Users\Adam\Desktop\avgscan.csv
[2012/06/17 11:24:32 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 11:23:05 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 11:23:05 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 11:17:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100687233-2500092821-2758916761-1000UA.job
[2012/06/17 11:16:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 11:16:10 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2012/06/17 11:15:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 11:15:50 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 11:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/17 10:29:47 | 100,539,838 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/16 17:19:02 | 000,420,480 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/14 11:03:22 | 000,444,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 07:58:09 | 000,884,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 07:58:09 | 000,725,592 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 07:58:09 | 000,145,610 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/12 11:19:49 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/06/12 11:19:49 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/12 11:19:37 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/06/12 10:17:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100687233-2500092821-2758916761-1000Core.job
[2012/06/11 14:06:57 | 000,033,525 | ---- | M] () -- C:\Windows\unins001.dat
[2012/06/11 14:06:47 | 001,174,097 | ---- | M] () -- C:\Windows\unins001.exe
[2012/06/11 14:02:46 | 000,008,119 | ---- | M] () -- C:\Windows\unins000.dat
[2012/06/11 14:02:28 | 001,180,753 | ---- | M] () -- C:\Windows\unins000.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/17 11:56:25 | 000,002,748 | ---- | C] () -- C:\Users\Adam\Desktop\avgscan.csv
[2012/06/17 11:24:32 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 14:06:52 | 001,174,097 | ---- | C] () -- C:\Windows\unins001.exe
[2012/06/11 14:06:52 | 000,033,525 | ---- | C] () -- C:\Windows\unins001.dat
[2012/06/11 14:02:33 | 001,180,753 | ---- | C] () -- C:\Windows\unins000.exe
[2012/06/11 14:02:33 | 000,025,600 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\CORSGKB.sys
[2012/06/11 14:02:33 | 000,008,119 | ---- | C] () -- C:\Windows\unins000.dat
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 20:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 20:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/30 22:59:31 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\{0A739897-4318-4EC5-A226-978C2BA27DC2}
[2012/01/07 13:15:28 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\{97F8B0C3-DE76-490C-98F3-FA558CF7C848}
[2011/12/24 23:14:37 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\{6BD9E74F-7880-4DFD-A446-AE7A8087D691}
[2011/12/07 11:23:11 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\{7EE76EB2-0CD4-449A-AA3D-35A90D2ED46D}
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/26 00:54:39 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/12 13:18:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/10/13 21:24:06 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/11 12:43:11 | 000,864,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/11 20:32:18 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/07/19 21:34:32 | 000,003,284 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\ANIWZCS{88A9D106-A08E-4B6E-97F3-BB7069D54AA8}
[2010/07/19 21:33:05 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2010/07/02 17:55:57 | 000,003,584 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/09/10 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\.minecraft
[2011/10/13 10:17:08 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\AVG2012
[2010/05/02 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\AVG9
[2012/01/28 15:24:12 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\BigHugeEngine
[2011/12/24 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Broken Rules
[2010/10/28 22:29:54 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Certblaster
[2012/05/02 10:03:08 | 000,000,000 | -HSD | M] -- C:\Users\Adam\AppData\Roaming\Common
[2012/06/11 14:06:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Corsair Vengeance
[2012/01/22 14:11:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\cYo
[2010/05/18 22:02:13 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DAEMON Tools Lite
[2012/04/16 14:06:33 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DarknessII
[2012/05/27 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DisplayFusion
[2011/07/01 03:59:23 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Dropbox
[2010/08/14 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0
[2010/12/24 00:56:48 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Hothead Games
[2010/11/21 12:06:09 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MotioninJoy
[2011/04/29 00:27:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mount&Blade Warband
[2010/08/11 03:47:10 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\NationRed
[2010/05/19 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Notepad++
[2010/05/10 22:27:37 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenArena
[2011/05/31 15:18:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenOffice.org
[2011/10/21 12:37:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Origin
[2011/01/25 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\RIFT
[2010/08/04 12:12:07 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\runic games
[2012/05/07 10:04:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Samsung
[2010/08/10 03:18:55 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SEGA Corporation
[2010/12/04 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SQL Developer
[2010/12/04 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Subversion
[2010/07/16 13:26:56 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SystemRequirementsLab
[2012/06/17 11:11:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\uTorrent
[2010/04/29 00:11:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Wizards of the Coast
[2012/05/10 21:26:59 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >

EXTRAS.TXT


OTL Extras logfile created on: 6/17/2012 11:59:33 AM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Adam\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 46.94% Memory free
11.98 Gb Paging File | 8.19 Gb Available in Paging File | 68.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 21.74 Gb Free Space | 18.25% Space Free | Partition Type: NTFS
Drive E: | 882.61 Gb Total Space | 556.03 Gb Free Space | 63.00% Space Free | Partition Type: NTFS
Drive H: | 914.51 Gb Total Space | 333.44 Gb Free Space | 36.46% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 364.67 Gb Free Space | 39.15% Space Free | Partition Type: NTFS
Drive M: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: DEUCE | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AC0712-05E0-4BA8-B2F6-2C4B4A44FC8A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{04E5CDC4-6776-4613-ABA6-84DB1B2B2146}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0CDC0744-FDC4-4E91-9DA2-3539E83C4250}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{136BCEB6-8750-4F2D-9BCC-46477B76175E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{1EB0E7DD-43A8-4900-828B-EF2C8FFF5495}" = rport=139 | protocol=6 | dir=out | app=system |
"{2532950C-8C3D-467A-BEE2-D5EB260F85C9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F712132-812A-4BEE-B966-7803AEA16CF9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{33898812-2F5B-4D60-9499-B612095F75D6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3B21814D-52E7-4FB1-9938-B55307C3F67D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C9DBDDA-4E52-49F5-8BDA-9883425F3CCE}" = rport=137 | protocol=17 | dir=out | app=system |
"{3CF86D60-ACAF-4157-83C6-CD98D8EE9500}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{417E0465-48E5-4012-B1D1-DC54AE71A7A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{464ADB9E-ECDF-4772-ACD9-2C08B5FEB5F0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4FA18D46-DEDC-49E0-B196-A0C788B42F6A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F1B2109-0A18-4914-9D9A-6B2EC2FE1627}" = lport=1900 | protocol=17 | dir=in | name=1900 |
"{63EAC179-1AF9-4C49-8ABC-5AA716C05131}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{68AB8A8C-54F1-482B-8E37-6D67D9ACF98B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69B91E1A-E527-4F43-81EA-37A655025BC0}" = lport=137 | protocol=17 | dir=in | app=system |
"{708A4EC9-EB00-4452-B050-D198628AF2EE}" = lport=2177 | protocol=17 | dir=in | name=2177u |
"{7158DD3F-A346-46B6-8D03-CBE4D0857019}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7185B193-6C01-457E-8220-ABBDF88F387C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7E41DBF1-2099-4DED-BB83-521D201D2CFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85AED5F6-4C80-4E64-A777-11E0498A7440}" = lport=139 | protocol=6 | dir=in | app=system |
"{92E062D5-988B-41B1-9059-3D5268979516}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{9D152CA3-979C-4A4C-867D-B9AD5737929B}" = rport=445 | protocol=6 | dir=out | app=system |
"{9D39F27D-8192-405C-8799-306000A36A95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A20526BE-3D42-47D3-9721-030CBF7169F9}" = lport=2177 | protocol=6 | dir=in | name=2177t |
"{A3F59FF6-EA7F-4C4E-966F-1CA70A9E090B}" = lport=10243 | protocol=6 | dir=in | name=10243 |
"{A6A3E392-1AB6-4A95-9C74-0BDE4E3E8BDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9E4899B-35DD-40D4-987D-346005117C6C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1112325-97FE-47A1-A44C-5CD95CA5A0C6}" = rport=138 | protocol=17 | dir=out | app=system |
"{B85565A1-727C-4F95-86B1-7F4864B558F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2D6A355-97CD-4868-8633-196FFDB110E3}" = lport=554 | protocol=6 | dir=in | name=554 |
"{CD5B0164-5775-4B95-A37E-FFB646F86BD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDAF74CA-258D-4859-BD03-39566B81F2FA}" = lport=2869 | protocol=6 | dir=in | name=2869 |
"{D0B445E5-7CB4-4C82-B9FF-799C296F2A76}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D12CE8CC-3330-4784-A4B8-661D8A952765}" = lport=138 | protocol=17 | dir=in | app=system |
"{D2982F61-5BAF-422A-9C24-EB36604D61C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7B3FFB5-6AC2-4EB4-9FA2-DA3A6CBA17C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD474D3D-4B6F-477F-9A44-763887024163}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DE3CCE30-B255-49F7-981B-CD994BE88706}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{E4372A0F-5DD6-4595-8FD8-C6CB1F78DF30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F704800D-7965-40E9-852F-356E7F991D25}" = lport=4380 | protocol=17 | dir=in | name=4380 |
"{FADC828A-44C7-4623-82D4-6CC37B1D83FE}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C7A816-9301-4179-80EC-615154B5870F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{01C6F0C1-E31C-492C-BF05-F5108DE08C57}" = protocol=6 | dir=in | app=e:\_games\dragon age 2\bin_ship\dragonage2.exe |
"{035C534D-5207-4D71-A771-D68E7F330ECF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{0438CCD8-964D-48CB-A53F-E7E4C6FB1623}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{05921BB4-696C-49EF-90D2-B475EBDCECB6}" = protocol=6 | dir=in | app=e:\_games\d3\diablo iii\diablo iii.exe |
"{0788D012-8960-4521-9217-F8C896D28BAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{0821B422-8120-45C7-BF8A-C72C838205D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{091D00D5-D4AD-4479-A817-615F388AFDAA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{095F1ACA-0A37-4E01-8A3C-3F65BB431140}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B9F7A8D-B047-4900-8078-ED8FD04308C6}" = protocol=17 | dir=in | app=e:\_games\steam\shank\bin\shank.exe |
"{0BD47E1E-262D-4614-A4DA-7E8A762A27F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{0CD78158-F19E-4ADB-9A53-D72DA2DDF17E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe |
"{0D2CE200-AC93-41F9-AFE5-C6A4D5469F3E}" = protocol=6 | dir=in | app=e:\_games\steam\dragon age origins\bin_ship\daorigins.exe |
"{108CA9AF-5411-49E5-93F1-307A2CF8BFE2}" = protocol=6 | dir=out | app=system |
"{10968332-5D9F-4192-85F8-DBCD68AF80B0}" = protocol=17 | dir=in | app=e:\_games\steam\battlefield bad company 2\bfbc2game.exe |
"{111D37FF-068C-4810-B05B-1C65736B6934}" = protocol=17 | dir=in | name=10280-10284 |
"{11C8ECEC-B3A0-437C-B773-1265ABEF99B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{1348F91E-C4C7-4E39-AC58-62265384ED43}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{139B97A2-09B3-4895-B204-98E855BC16D1}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{1445AA53-1E06-4B36-84A2-22187076904E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{144D362D-BA84-4AF0-9289-22F68D37E618}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ares\ares.exe |
"{1480D0EB-6258-4372-BD98-14E8CDF7A9F7}" = protocol=6 | dir=in | app=e:\_games\steam\sonic generations\sonicgenerations.exe |
"{15A7EE61-9241-4899-AEC5-545ED7648E29}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{15C3D484-8565-4869-BFDE-045219D24737}" = protocol=6 | dir=in | app=e:\_games\steam\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe |
"{15E5BA9C-7E1F-4662-A7CB-70556BDC5D83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{1783D313-E888-4605-AA20-8E1CBB599325}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{190A3C61-7CBF-473E-8018-8263862F3428}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{196A144F-5EF5-4A9B-8EA3-F4657ADD0C8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{1AF49114-1E5C-4E73-BCEF-368342F24775}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{1B58C0A4-905E-4B05-A0ED-61FA4C2305B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe |
"{1BC4FD88-9015-4DCB-B25B-D7636BD816BD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1D33B250-3783-4310-8A01-D09351589107}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{1E2297FE-1202-4088-8C68-87DCE4A00101}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{1E678C74-DF9D-4360-B83B-C3FD32510327}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe |
"{1E69E1B6-9F65-43CE-B163-6834EA2508A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
"{1EA475E8-8F15-4B1C-8329-1A82C96014A7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe |
"{1ED22A6E-18E8-43E4-A819-939CF7BB0BA3}" = protocol=17 | dir=in | app=e:\_games\steam\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{1F3CF1AA-62CC-4E04-BB3F-D30042F43606}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{1F9E798F-68FE-4447-9ECC-2AA896F9325B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{1FBBD6E9-2FE8-4D40-B797-128B61072BC5}" = protocol=17 | dir=in | app=e:\_games\steam\magicka\magicka.exe |
"{20013B7A-F312-4F14-AFA0-FF691740041D}" = protocol=17 | dir=in | name=7000\7 |
"{20B1B062-343B-4500-8CB0-4F6714AE3070}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{2118D8E6-04FC-4685-B968-CF2FFAD58A73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{21C4B2A7-0454-4465-A8C0-8CE35D14628C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe |
"{22CC0068-0539-4E0A-887F-3CDE9E5440E2}" = protocol=17 | dir=in | app=e:\_games\swtor\star wars-the old republic\launcher.exe |
"{243ABE2E-CB57-4106-A96F-E9157B2C7AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{24D02DCD-5F94-4DA1-AF2D-7D958C68B5F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{25BA2006-3BA1-4900-BF5A-315A25AB1C70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{25BB17C0-EFEB-4D7E-B6C5-ADD1681B3E82}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{27A1EB3B-C75E-4756-BCE3-3566B0860F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{27E0869C-495B-470A-8FA2-015D9AC2C10F}" = protocol=17 | dir=in | app=e:\_games\dragon age 2\bin_ship\dragonage2.exe |
"{2969CAA7-89DD-44AA-A480-A4BB6AB9C66B}" = protocol=17 | dir=in | app=e:\_games\steam\the witcher 2\launcher.exe |
"{2A2FF88D-D2AD-4F00-894A-BBBDB2D8543F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{2C0965A0-2853-4701-8445-3D0AB7B09A3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{2CF3CCD0-837B-4C33-AE15-2458DF7A7993}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{2D20CFCA-BA11-4106-A664-D734F5506BA1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2F8DC006-B24B-4C3C-9DBF-A2531718C38B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\binding_of_isaac.exe |
"{3147878C-FF21-4C53-9948-85B723986CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{337B92EE-3BFA-471B-AEFA-BDC8B768368C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{33AA1F52-5F4D-415E-B36E-5F4DB90A3D80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{33B733E2-1AF5-4F3A-9666-837851F8BCF0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3400F687-8E0B-42FB-B103-2395644868FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{36147E49-2920-4123-B79B-259636EA4CE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{36D4C4CE-CAF7-4153-91CE-76DEF975573A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe |
"{38255D1C-4203-4BBB-B25D-B661B64D5F86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{39A9B239-AAB7-4E93-BBEA-6B22D063A847}" = protocol=17 | dir=in | app=e:\_games\swtor\star wars-the old republic\launcher.exe |
"{3B662DF5-66CA-4926-9667-A1CFA3AFC6B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{3D71252D-188E-4437-A7CD-23AABC16D32B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars the force unleashed 2\swtfu2.exe |
"{3F82F079-1E55-4C11-A1BC-38BCD799020D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3FB473A8-FC81-4546-B55A-F0818691861B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{3FD0328A-BE68-4CC1-B39B-E3F0925308F8}" = protocol=17 | dir=in | app=e:\_games\origin\battlefield 3\bf3.exe |
"{400E3658-9D35-4347-9081-D6394326A9BB}" = protocol=6 | dir=in | app=e:\_games\steam\amnesia the dark descent\launcher.exe |
"{402A526F-700A-456B-8CAF-30DB87B74A6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{427D54D1-FA77-43A5-8797-A10593BE9DC0}" = protocol=6 | dir=in | app=e:\_games\origin\mass effect 3\binaries\win32\masseffect3.exe |
"{4291EA4C-C481-4785-92FC-E1D0D7820AB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{441A0040-930C-456E-BC80-DE4E2FEAB62A}" = protocol=6 | dir=in | app=e:\_games\swtor\star wars-the old republic\swtor\retailclient\swtor.exe |
"{449023F3-3E71-4467-A8A1-A06154966B54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe |
"{451F192A-B890-4D48-B2A8-7B4044BAD548}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{455CA915-11A1-4558-AC96-A379F2789E3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45B73629-C7F8-4232-9BCF-4A723B7E50AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ball\binaries\win32\theball.exe |
"{4644B530-FA11-4DB3-B894-C8616BA1F15F}" = protocol=6 | dir=in | app=e:\_games\steam\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{47794A94-7879-4678-B1AB-0CCE06151829}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{47B82045-DCDF-4FDA-A4DA-A398E7DFA094}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{487425DB-10B1-4737-8751-DD606E2B0186}" = protocol=58 | dir=in | [email protected],-28545 |
"{48895802-2C3C-4360-9346-E13FA94CF325}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{4AC80CF8-221F-4FD6-8E9C-3424B769502E}" = protocol=17 | dir=in | app=e:\_games\steam\sonic generations\configurationtool.exe |
"{4DDF4791-8CF7-46EA-88A3-5B981B256276}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{4E3A56BB-74B4-4796-8E40-252C7F57BF0B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{4E76AAAC-764B-44CD-818F-2ED5CD25B907}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4F47574F-094D-424D-A6E2-FAF2531D32FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{4F6229BE-3E89-48AF-A796-BEB41955FE1D}" = protocol=6 | dir=in | app=e:\_games\steam\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{50A9B533-50E1-41F1-93A0-FDE54646FA59}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{521856A9-7A55-4878-A0F2-7E883DA50800}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{531C6719-9085-4ABE-92EA-DD3561028D66}" = protocol=6 | dir=in | app=e:\_games\steam\the witcher 2\launcher.exe |
"{53A2FB37-0534-4628-98D0-2D4BB2216EA0}" = protocol=17 | dir=in | app=e:\_games\dragon age 2\dragonage2launcher.exe |
"{53CB2A84-51F7-4285-831C-728C30D3E321}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{53D6BFF4-EB6D-41AB-92E2-EFCB438F2D7F}" = dir=in | app=%programfiles% (x86)\starcraft ii beta\starcraft ii.exe |
"{53FD09E3-94F5-4F41-B08D-68BB773896BE}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{54077B5B-89F4-49E2-8F2A-2AAC25AB6B13}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{54CADB89-A528-4B0D-9345-E250F0A10243}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54E3FECA-CC3D-44DA-9805-EF2F67009BC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{55084CB8-BE13-465F-89F9-E3D9196DACAA}" = protocol=17 | dir=in | app=e:\_games\steam\dungeons of dredmor\dungeons of dredmor.exe |
"{55AC3B44-CF56-43C6-AACC-8122A4FA5275}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5787FBC0-21BA-4FC1-8157-BD571C8DE8CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ares\ares.exe |
"{5886059F-DCDB-4F70-AD1A-0C0EC1E89BA9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{58A48282-CB6C-4528-9525-2B53E1EED08E}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{599C5D77-695D-4027-AEFB-8D4FA94BE574}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{59C58134-8086-4860-98F7-2680FB8577E5}" = protocol=6 | dir=in | app=e:\_games\steam\saints row the third\game_launcher.exe |
"{5BD71F26-EBA3-4E9C-B9B0-DF0ADF2F6C34}" = protocol=6 | dir=in | app=e:\_games\dragon age™ origins - ultimate edition\bin_ship\daupdatersvc.service.exe |
"{5D7CE606-3595-4693-B5C7-1ED1D32618F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{5D95BA88-0EC2-4560-8BD3-DD54AD31F0E1}" = protocol=17 | dir=in | app=e:\_games\steam\trine\trine_launcher.exe |
"{5DD23321-23E9-4D63-98B6-451B0B3B9FE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{5DFB6BB0-0F97-40F6-BAD7-E5F13862197A}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{5E04A912-2F23-4A04-859C-54E1534A565B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{5E7D170D-AE6D-4091-B27F-AF77858B240C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |
"{5FCD7FD4-619F-4411-9A5D-8E2396FC7FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{6068B3E8-62FB-434D-A6CA-2D3E24970C0D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6090AFD4-6FC1-424E-A61F-429B07F216B0}" = dir=in | app=c:\users\adam\appdata\local\temp\7zs669d\ojj4600_basic_13\setup\hpznui40.exe |
"{61A071FA-0FB1-4FC6-8A8C-9DE9DAB70852}" = protocol=17 | dir=in | app=e:\_games\steam\brink\brink.exe |
"{61F27F16-1417-45D1-8B83-1E91019476FC}" = protocol=6 | dir=in | app=e:\_games\steam\dragon age origins\daoriginslauncher.exe |
"{636945EF-0EF3-4881-A569-5436BA3CE2E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{6669D22B-3C7A-4095-AB28-3FEB2D4169C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{68844DEA-C759-4979-98F0-5F72097B7B42}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{693E57AE-58BA-497B-935B-653ED4A0BAE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6A41254B-892A-45A0-9BC6-0566E8DFADD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe |
"{6DA05559-2AEF-4EE7-B3AA-89214D0B887E}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{6E632CA0-54FA-48A4-8CC2-0C4D3BC14A9A}" = protocol=6 | dir=in | app=e:\_games\steam\deus ex - human revolution\dxhr.exe |
"{6FAD679C-827D-4241-A0EB-72AA3054F8A1}" = protocol=1 | dir=out | [email protected],-28544 |
"{702EA655-0BFB-49B9-883E-0570227D804E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{72B087A5-084C-4DA0-A545-3E50FE56C9E3}" = protocol=6 | dir=in | app=e:\_games\steam\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{74452BC7-5994-4C83-B468-C523F641A395}" = protocol=6 | dir=in | app=e:\_games\steam\star wars the force unleashed 2\swtfu2.exe |
"{762B07D9-B20E-4BFB-9842-65D7908AC182}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |
"{77B8605C-62B6-474B-B25E-61A0AB0AD6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{782278A7-F8F0-4E83-B29A-6B8BE608C252}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{78B65D9F-4D7D-4453-8E9D-798B92C09A56}" = protocol=17 | dir=in | app=e:\_games\steam\amnesia the dark descent\launcher.exe |
"{7987DB64-722F-40C9-B757-443600EBEC08}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{7ABD41EA-671D-4D3B-A96D-E9203902EFD0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7B563708-271E-4F05-9EE1-836FA4C34866}" = protocol=17 | dir=in | app=e:\_games\steam\mafia ii\pc\mafia2.exe |
"{7B7C7E34-7875-4D74-AF86-87D4B2EC7DAC}" = protocol=17 | dir=in | app=e:\_games\steam\stalker shadow of chernobyl\bin\xr_3da.exe |
"{7C5F4C33-B261-4B71-878A-5183C7A20E77}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7E9588BE-BCC9-4AC0-AC36-B216261DD78A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F1CEE41-B9B9-4ACB-A1BD-7A23667A36CB}" = protocol=6 | dir=in | app=e:\_games\d3 beta\diablo iii beta\diablo iii.exe |
"{7F76BA21-5242-487F-826A-603EA771D5D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{802D2D03-EA0D-4C49-A9F9-75F67314E4D5}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{806059CD-B37D-4565-A11C-302D36360FA8}" = protocol=17 | dir=in | name=steam matchmaking |
"{8141653E-1E62-49D2-B994-B2F8CAE82F71}" = protocol=6 | dir=in | app=e:\_games\steam\magic the gathering - duels of the planeswalkers\dotp.exe |
"{828E016C-35B4-431D-BD64-7AF4FFFDC62A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{831C0CF6-2072-4DAD-8C6F-93263875C0B2}" = protocol=17 | dir=in | app=e:\_games\steam\mountblade warband\mb_warband.exe |
"{84B3AB83-0EEF-4544-8886-5714FDD1C6B9}" = protocol=6 | dir=in | app=e:\_games\dragon age 2\dragonage2launcher.exe |
"{85E88FA1-25A4-4803-94B8-647121A341C9}" = protocol=17 | dir=in | app=e:\_games\steam\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{869B363E-B0D4-4B19-A467-CCD18C23124D}" = protocol=17 | dir=in | app=e:\_games\steam\star wars the force unleashed 2\swtfu2.exe |
"{86BB6D98-BAF4-4E78-A4B7-2EEAFC520B52}" = protocol=17 | dir=in | app=e:\_games\steam\dragon age origins\bin_ship\daorigins.exe |
"{8754B738-1435-4F6C-ACA6-FBC21D0F3FA3}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{87C05174-8CFF-4731-8859-675E942D216F}" = protocol=6 | dir=in | app=e:\_games\steam\the ball\binaries\win32\theball.exe |
"{87F2BDBD-D9DF-4B11-BB7E-50C967C1D4E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{89B456F9-F592-4EDF-B885-24D6D486804E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8A025BB0-564C-4A3D-84D9-23420AC69253}" = protocol=6 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe |
"{8AD00B79-626D-402B-B4D3-715011A702C9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{8B7F71CF-9A38-4DFF-AB7C-DF20B14E2A18}" = protocol=6 | dir=in | app=e:\_games\steam\dead island\deadislandgame.exe |
"{8B99FF60-FADA-4C83-BA46-D81DF7636CDC}" = protocol=6 | dir=in | app=e:\_games\steam\mass effect\binaries\masseffect.exe |
"{8BDE88AD-FB3A-4422-AA8C-0C8273D9758D}" = protocol=17 | dir=in | app=e:\_games\steam\sonic generations\sonicgenerations.exe |
"{8C823EB2-B433-478F-9719-D40CE3FD4CEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{8D2C930D-B10E-4A5F-AC9C-F98F46DCAC21}" = dir=in | app=%programfiles% (x86)\steam\steam.exe |
"{8E7FF326-980F-40D3-8485-127A72100C77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E87F120-ADE8-4F2B-95BF-C295BF25F4C5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{90240370-CF13-4BE9-AB52-3683232A924A}" = protocol=17 | dir=in | app=e:\_games\swtor\star wars-the old republic\swtor\retailclient\swtor.exe |
"{9373EE33-D52F-47BD-A82B-C6FD3A5881FC}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{946678DB-DFA6-462F-8245-8FBC3AF76222}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{95FE61EC-A965-46E8-82A8-B26FAF35A159}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{977DA7B5-EEBA-4C66-AF9F-1F3DA7EC1070}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{9783B2B3-1121-4E1B-946F-8C092BE284CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{98AFAD26-830E-44FC-B274-4E5F31FAA880}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{995283CB-D60B-4F61-BED4-E5000F563EE3}" = protocol=6 | dir=in | app=e:\_games\steam\ares\ares.exe |
"{999744EA-B839-4CC8-97F1-8261C32D297F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{9A469D2B-BB16-4495-8F8F-BA51F6E6D6B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{9BE8CCB2-0BE7-4DBB-A5B1-7E43A2A6C816}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CAD0C67-A5F7-48A2-8C4A-AE099E352084}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{9D5F66FA-FB0A-4B4D-BBD2-2BFB8C698AD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{9F871167-1C05-49FD-B61A-B0658FD2C6B2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{A042B002-21B5-4374-85F4-D81822D4CA2E}" = protocol=6 | dir=in | app=e:\_games\origin\battlefield 3\bf3.exe |
"{A088B327-2AC3-47C5-8CE1-287124212CB8}" = protocol=17 | dir=in | app=e:\_games\swtor\star wars-the old republic\swtor\retailclient\swtor.exe |
"{A2E644C5-0A8D-437C-894F-CD2F13965C64}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A3FD1D1C-F736-40BC-9706-FD68781F9D6C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A48F9E93-5C08-423D-905C-E0CC9391C9B4}" = protocol=1 | dir=in | [email protected],-28543 |
"{A4BB568B-B183-45FB-B0F7-2A9BD7BA69F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{A6632F2A-6675-477A-A4EE-D339C1C44874}" = protocol=6 | dir=in | app=e:\_games\steam\skyrim\skyrimlauncher.exe |
"{A74F58EA-7480-4B71-96C5-6024FF72D48E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{A8D07B62-79CE-4028-BEEC-D829861B38AF}" = protocol=6 | dir=in | name=steam dl |
"{A8E1F81D-1D62-4A3A-8ED0-D0E102456778}" = protocol=6 | dir=in | app=e:\_games\steam\shank\bin\shank.exe |
"{AB7F22FB-88D2-41E6-AD91-FABD1B04D8B1}" = protocol=17 | dir=in | app=e:\_games\steam\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{AC4C3452-B6F2-49AE-85E1-FD3074F0DC02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe |
"{ACAFDDC9-AB21-44CD-B0F8-AF2C51053A87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{ADB5E269-F641-407D-9DCC-F1F472F926B3}" = protocol=17 | dir=in | app=e:\_games\steam\psychonauts\psychonauts.exe |
"{AEE2812E-EECE-461A-AF55-CFBB3836DFF0}" = protocol=6 | dir=in | app=e:\_games\steam\stalker shadow of chernobyl\bin\xr_3da.exe |
"{AFD6FA00-A1F2-4A0E-9D6C-F0296EE45B02}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B1976784-BFD2-4DE6-BADE-FA2524E2B17E}" = protocol=17 | dir=in | app=e:\_games\steam\world of goo\worldofgoo.exe |
"{B2139EB1-A008-48D8-A190-4B5F85A931E7}" = protocol=17 | dir=in | app=e:\_games\steam\ares\ares.exe |
"{B463459D-280E-4FAA-8D96-ACE01ABF43B0}" = protocol=6 | dir=in | app=e:\_games\swtor\star wars-the old republic\swtor\retailclient\swtor.exe |
"{B46771DC-D5ED-4042-98B7-9807C56FEBC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{B4D33A96-C17F-4DD3-88B5-291A7688670E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe |
"{B5144344-68A2-42DC-8164-CAA3996DAE5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
"{B5294723-3838-4F6E-AA81-0E71C7D7594B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{B560DD83-465E-4B5E-BF46-22250C549B49}" = protocol=17 | dir=in | app=e:\_games\d3\diablo iii\diablo iii.exe |
"{B59C9803-ED3E-4898-817C-552B53FDD3FE}" = protocol=58 | dir=out | [email protected],-28546 |
"{B6473FB3-868D-4072-ACFF-783BD3B15288}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{B6924638-95F9-4780-95F7-BE3746DFF8A1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B6FD3DFE-7CF2-4029-9231-319F2A3EF555}" = protocol=17 | dir=in | app=e:\_games\steam\mass effect\binaries\masseffect.exe |
"{B8BF095A-EBCA-456D-9030-B013B9668C99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{BC21CDB5-E256-4D29-AC56-34F936E865E6}" = protocol=6 | dir=in | app=e:\_games\steam\portal 2\portal2.exe |
"{BC6DDC10-3A1D-4B96-B321-E87EB121E668}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{BD300DB2-4F19-4690-9119-3B12875C75EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{BDD0D848-4BA2-45AB-A354-EF78BB9DB670}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{BDF0B48E-ED85-4DBA-A6AA-CF29927273BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{C45B0434-37FD-4B8A-862E-176BBCFF3ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{C47755D0-E973-4F2C-8977-6499692CD41D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C4D84235-1318-4AFC-B553-B2BD82F778CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{C7CEBA6F-451F-417D-AFA9-F4047C2685F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C8977EC4-75D6-4C82-9349-5B376F83421B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{CD172C85-DC60-4D67-8453-9DD5422B6734}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{CDAB2890-76F0-42B2-9814-8528744C1A3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{D0D6DED5-7285-44BF-8C9E-EF80B6BF8538}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{D2E13C11-847E-40C7-B67D-52D4C3094409}" = protocol=6 | dir=in | app=e:\_games\steam\psychonauts\psychonauts.exe |
"{D383E462-D8BA-4C8B-9545-75F16D240D25}" = protocol=17 | dir=in | app=e:\_games\steam\deus ex - human revolution\dxhr.exe |
"{D665F05D-F39A-48B1-A012-18BF09489D94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars the force unleashed 2\swtfu2.exe |
"{D6994AC9-1874-41A5-A795-C2F9E7168E4F}" = protocol=6 | dir=in | app=e:\_games\steam\brink\brink.exe |
"{D7BBF8AB-6DC0-4BCC-B52E-BB9A3EE4B706}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D80ACD3C-D25E-4827-A2AB-2EAF1EFF77E5}" = protocol=17 | dir=in | app=e:\_games\dragon age™ origins - ultimate edition\bin_ship\daupdatersvc.service.exe |
"{D869D357-BF98-4D5A-A7FC-730CC0323354}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{D8FEDB27-54D5-46BC-83CF-9CB0E1099074}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{D944BD60-718B-43D9-8213-57A9B3CE0353}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{DA048F58-720C-4ACA-84E6-5D4BF4846B81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA449534-FA1E-487D-896B-FFBB5F0E069F}" = protocol=17 | dir=in | app=e:\_games\steam\dead island\deadislandgame.exe |
"{DAE890F1-C684-4EE6-BB68-8F61B63E1545}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DB148707-64FE-4172-B627-76DF5B4B57C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{DB5580E2-894E-495C-BA06-89726AD635E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe |
"{DE4E68D8-B9B5-4B58-839C-76C04FC5511C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DF623C83-3A53-458E-B5F6-FC82C57A2C40}" = protocol=6 | dir=in | app=e:\_games\steam\mafia ii\pc\mafia2.exe |
"{DFE6AE68-7ECE-4520-ACD4-05670D1F89A2}" = protocol=17 | dir=in | app=e:\_games\steam\magic the gathering - duels of the planeswalkers\dotp.exe |
"{E06EF0A9-5EA3-4BFE-BDFF-0F6E7C6FA655}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{E0D46B10-DE1D-4A5C-9C74-13DCC3267691}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1B73E48-1836-47A3-AD43-3A17D9A57891}" = protocol=17 | dir=in | app=e:\_games\steam\saints row the third\game_launcher.exe |
"{E2D2ED54-682F-485C-8C30-86CEAC47FC7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{E361EAD5-C999-4907-B605-86A356A7AADA}" = protocol=6 | dir=in | app=e:\_games\steam\sonic generations\configurationtool.exe |
"{E3633C4B-6BEE-4DE7-9BA6-4D6510AAF750}" = protocol=17 | dir=in | app=e:\_games\steam\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe |
"{E3ADC168-BAF9-444D-8E37-CC422F263A05}" = protocol=17 | dir=in | app=e:\_games\steam\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{E3C0136E-7412-4AC2-9767-1EF5A0994EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{E47FCBA6-E213-4CBD-A7C7-61C347646B70}" = protocol=17 | dir=in | app=e:\_games\steam\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{E573B4EF-8BD3-4350-AB92-F1BF8873051B}" = protocol=17 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe |
"{E5791CA3-6113-45BA-9D2C-D58C55EC1AED}" = protocol=6 | dir=in | app=e:\_games\steam\battlefield bad company 2\bfbc2game.exe |
"{E5B75543-98AD-4BAA-991A-1F9D385E72E3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E5D3974A-AD6E-4514-8B9F-7596F0294046}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{E5D93E98-E52B-4824-9F6B-127A46130313}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{E7E6FEFB-1439-4C5F-A67E-B039BA5E1029}" = protocol=17 | dir=in | name=steam client |
"{E84AB5DB-E0C8-48B9-A9BB-0C294A3922D1}" = protocol=17 | dir=in | name=5004\5 |
"{E8663F87-0D31-4291-B50B-DEA3DCA5C0A9}" = protocol=6 | dir=in | app=e:\_games\steam\mountblade warband\mb_warband.exe |
"{E8E613E3-49C4-4948-9F64-EA4C8A127661}" = protocol=6 | dir=in | app=e:\_games\steam\world of goo\worldofgoo.exe |
"{E996A9C4-8AD2-4033-9146-28BEDBC426BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{EA20194A-B71A-46AD-81A9-FAE135F70EC5}" = protocol=6 | dir=in | app=e:\_games\swtor\star wars-the old republic\launcher.exe |
"{EA2DA9F4-4353-4842-A69B-1A0DB839243E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{EAF5C1EE-B34A-4B36-BEA4-70047DA0DDD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{ED188F11-F9FD-4E40-A9CD-458EDEC31775}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED9CABA5-CEF2-4331-920D-31F2C5003EAD}" = protocol=6 | dir=in | app=e:\_games\steam\deus ex\system\deusex.exe |
"{EF38DEE1-1ABD-481B-A5F0-A003D5506489}" = protocol=6 | dir=in | app=e:\_games\steam\trine\trine_launcher.exe |
"{F0926B76-19EB-4F31-9276-F5C9DB678E36}" = protocol=17 | dir=in | app=e:\_games\origin\mass effect 3\binaries\win32\masseffect3.exe |
"{F4550669-860D-4254-9EAC-FFAF5FBB440D}" = protocol=6 | dir=in | app=e:\_games\steam\orcs must die!\build\release\orcsmustdie.exe |
"{F632001B-0078-40C8-8738-420D04900E3A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe |
"{F68D04A1-8CDC-434C-8818-6102E8533DB5}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{F6A56E5D-76CA-48FB-91BA-C46B8FCD8A65}" = protocol=6 | dir=in | app=e:\_games\steam\dragon age origins\docs\ea help\electronic_arts_technical_support.htm |
"{F6B42C85-51F8-4DE3-819B-ADCB54444F37}" = protocol=6 | dir=in | app=e:\_games\steam\magicka\magicka.exe |
"{F7E2700F-6A6E-4F69-B22E-815FE9C227C7}" = protocol=17 | dir=in | app=e:\_games\steam\deus ex\system\deusex.exe |
"{F83447B4-6E07-4EF2-A77F-461EA9246D53}" = protocol=17 | dir=in | app=e:\_games\steam\portal 2\portal2.exe |
"{F895FE08-4D05-4B6E-836A-765D8E411383}" = protocol=6 | dir=in | app=e:\_games\steam\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{F9BAB26C-15EE-4703-B41A-400A75E8F54B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{FA119649-C057-48A0-9797-A436F7A154F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the ball\binaries\win32\theball.exe |
"{FA1CACFF-F9A3-4E05-A795-BD13B68A48C8}" = protocol=6 | dir=in | app=e:\_games\swtor\star wars-the old republic\launcher.exe |
"{FA58EADE-EC30-4E89-8EAC-8FDD2E7B291C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{FAD441EF-CDB2-497B-8C27-FB4AAFA13ECE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\binding_of_isaac.exe |
"{FCAAF986-1475-44A1-ABAB-248C9003126D}" = protocol=17 | dir=in | app=e:\_games\steam\the ball\binaries\win32\theball.exe |
"{FCD18FE5-7C00-45BD-8C90-BA91E5CAD84F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe |
"{FCFD30EE-B521-4D39-A90C-D94A4E95B30A}" = protocol=17 | dir=in | app=e:\_games\steam\orcs must die!\build\release\orcsmustdie.exe |
"{FDA0DA23-5226-40CA-8FCB-B1F63083AC07}" = protocol=17 | dir=in | app=e:\_games\steam\dragon age origins\daoriginslauncher.exe |
"{FDC3201D-50E8-48A1-A056-F99AE22C33ED}" = protocol=17 | dir=in | app=e:\_games\d3 beta\diablo iii beta\diablo iii.exe |
"{FE0A7B84-281C-44E1-9516-9805CA3F982F}" = protocol=6 | dir=in | app=e:\_games\steam\dungeons of dredmor\dungeons of dredmor.exe |
"{FE9D947F-A003-4AA2-A312-10249995E9BF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{FF1DA61E-C706-408C-801D-B2BA2598DEE6}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{FFCBB22F-CD56-416F-900D-684AE6001D1C}" = protocol=17 | dir=in | app=e:\_games\steam\skyrim\skyrimlauncher.exe |
"TCP Query User{21C3895A-C5DA-4C04-AC11-AC45DEA4EB23}C:\users\adam\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\adam\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{2E493C97-CC23-4DCC-9C09-7AD9AAEA01A6}E:\_games\steam\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=e:\_games\steam\the witcher 2\bin\witcher2.exe |
"TCP Query User{2F8ED22A-2E79-4CC4-976C-4CBE13A22260}E:\_games\steam\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=e:\_games\steam\borderlands\binaries\borderlands.exe |
"TCP Query User{3D424D86-4894-49A2-8681-55338D20381C}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{4149411A-F1CD-40B7-84E6-3BC2B7F95A6F}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{45F208F9-82B2-4B23-A601-7B5867C6F469}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{480FA870-05C0-4FC5-89BE-6C634357E77A}E:\_games\swtor beta\star wars - the old republic\he600\retailclient\swtor.exe" = protocol=6 | dir=in | app=e:\_games\swtor beta\star wars - the old republic\he600\retailclient\swtor.exe |
"TCP Query User{57E92649-38FA-4EC6-9285-1C2CB8862DA1}E:\dl internet\umbrella-4.02.05.exe" = protocol=6 | dir=in | app=e:\dl internet\umbrella-4.02.05.exe |
"TCP Query User{612DC9E9-519A-42A8-BA08-3B22DB7CEE0B}E:\portable\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\portable\xampp\xampp\apache\bin\httpd.exe |
"TCP Query User{618109B0-A1B1-4AEE-A437-1BAC6F010E00}E:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampp\xampp\apache\bin\httpd.exe |
"TCP Query User{639EBBC8-E2E5-4653-8CB3-8C4F52A2ECD7}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{673DCA1F-3965-4748-A694-417583B7849F}C:\users\adam\appdata\local\temp\pyl7290.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\adam\appdata\local\temp\pyl7290.tmp\pyrun.exe |
"TCP Query User{67460744-144F-4D3A-B14D-0F93287571A1}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe |
"TCP Query User{78B9FAA3-9363-4ECB-B845-1D657CF29D65}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{7982F1AA-C8AC-4044-87E2-B5D7A2BD2A82}C:\program files (x86)\steam\steamapps\reverb33946\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\reverb33946\team fortress 2\hl2.exe |
"TCP Query User{7B174B58-8A44-42FA-A5E0-BFDDECC82B96}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe |
"TCP Query User{84B939BA-942E-496E-B08C-358CB5FCE799}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{8F0A6140-CF1D-4341-956C-AF36C4D7F7A3}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"TCP Query User{947E22A4-4249-418B-AFBB-6C41326F0684}E:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{95755790-EA07-404F-9BCD-7ECD53FDBCC1}M:\portable\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=m:\portable\xampp\apache\bin\httpd.exe |
"TCP Query User{97584264-553D-4855-8836-77F6B5D32674}C:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe |
"TCP Query User{A60AD1D2-B40F-4F32-8D2D-FEE87368B7CB}E:\_games\swtor beta\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=e:\_games\swtor beta\star wars - the old republic\launcher.exe |
"TCP Query User{B158857C-AA17-4887-8A22-5F25FC5164FF}E:\portable\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\portable\xampp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{B40E1520-58A2-4A8B-9018-EC3F6C89F738}E:\_games\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=e:\_games\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe |
"TCP Query User{B4DCF7BA-2BFA-473F-967D-DC7A2FD77929}M:\portable\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=m:\portable\xampp\mysql\bin\mysqld.exe |
"TCP Query User{BEFF4F20-1053-4934-B81D-5A4EDDC38595}F:\other\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=f:\other\openarena-0.8.1\openarena.exe |
"TCP Query User{BF7B3333-2B1F-4618-AE66-6782ABB8D193}E:\dl internet\mtgoiii_helper.exe" = protocol=6 | dir=in | app=e:\dl internet\mtgoiii_helper.exe |
"TCP Query User{C22EA590-2B5B-473D-BC18-9EB234612850}E:\dl internet\starcraft_2_beta_enus.exe" = protocol=6 | dir=in | app=e:\dl internet\starcraft_2_beta_enus.exe |
"TCP Query User{D05C1F3A-472C-4CD2-ACAA-E556CC769CE8}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"TCP Query User{D1AFC71A-BEAD-4327-A017-94027045C75D}C:\users\public\sony online entertainment\installed games\dc universe online beta\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online beta\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{DAFE90B7-EBCA-4306-A5B4-9E2141647901}C:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe |
"TCP Query User{DD81C851-BB60-4907-9213-7FDF06FC791D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{DEA536CB-E190-4FED-9C0C-9A8AB781E08A}E:\_games\swtor beta\star wars-the old republic\launcher.exe" = protocol=6 | dir=in | app=e:\_games\swtor beta\star wars-the old republic\launcher.exe |
"TCP Query User{E90DDA84-8232-4F49-9DAE-2E4C5ED12537}E:\_games\gw2_beta\gw2.exe" = protocol=6 | dir=in | app=e:\_games\gw2_beta\gw2.exe |
"TCP Query User{F4B6518C-2AF7-4C31-8B54-713F30881B55}E:\_games\steam\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=e:\_games\steam\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{F6692AE9-F02F-4362-B551-47D94FBD0E9E}E:\_games\dragon age™ origins - ultimate edition\bin_ship\eacoreserver.exe" = protocol=6 | dir=in | app=e:\_games\dragon age™ origins - ultimate edition\bin_ship\eacoreserver.exe |
"TCP Query User{FED18EA6-C205-43CF-AAAA-3ECD51134337}C:\users\adam\appdata\local\temp\pylb154.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\adam\appdata\local\temp\pylb154.tmp\pyrun.exe |
"UDP Query User{059C26B4-5666-4EBE-90CE-2750BBC87139}C:\program files (x86)\steam\steamapps\reverb33946\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\reverb33946\team fortress 2\hl2.exe |
"UDP Query User{0A30A134-7028-4DC0-B0F0-D3E4B5CDB5C0}E:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{0A7A4EDD-D0DD-43B2-9ABC-A6F90AE62A6A}E:\dl internet\umbrella-4.02.05.exe" = protocol=17 | dir=in | app=e:\dl internet\umbrella-4.02.05.exe |
"UDP Query User{0D33D26C-58B5-41CD-B7DF-D7C6737934DD}C:\users\public\sony online entertainment\installed games\dc universe online beta\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online beta\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{0F60CEFE-83A1-4260-BB16-3A49A6C817FD}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{122384F1-C40F-4110-AF9D-650788D66829}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{14D5B72E-5D2E-4BF5-8041-8C8D160E41F9}E:\_games\steam\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=e:\_games\steam\the witcher 2\bin\witcher2.exe |
"UDP Query User{1F132865-F2C5-4DE4-8850-ACB74BA14C47}E:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampp\xampp\apache\bin\httpd.exe |
"UDP Query User{3B338CB0-D657-46E4-8B4F-116D8939A729}E:\_games\steam\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=e:\_games\steam\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{3C456B71-5042-4B81-8E21-8422A094F6B0}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"UDP Query User{5085DAC5-D57D-472F-95FC-3046F676FE7F}C:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe |
"UDP Query User{515A44F4-8241-45E8-9EF2-458B34B0AD47}C:\users\adam\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\adam\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{73A803C8-28AF-4997-8F20-FFEB84824A78}E:\dl internet\starcraft_2_beta_enus.exe" = protocol=17 | dir=in | app=e:\dl internet\starcraft_2_beta_enus.exe |
"UDP Query User{755E8D1E-E27D-4A26-9631-241342B38920}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{8F6D510A-6BAF-4A16-BAF0-D23DE0C5DDBD}E:\_games\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=e:\_games\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe |
"UDP Query User{95AC1285-EABA-460A-AC7D-8CD30542F233}C:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2_game.exe |
"UDP Query User{9FFD1C81-8D09-45A6-8184-1C16DBA42BAE}E:\_games\gw2_beta\gw2.exe" = protocol=17 | dir=in | app=e:\_games\gw2_beta\gw2.exe |
"UDP Query User{ADA1AA55-5461-4F31-896E-B0423EF2A615}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{B4E7F6CD-8D53-4394-AF10-88E1C3D91844}M:\portable\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=m:\portable\xampp\apache\bin\httpd.exe |
"UDP Query User{B4E871F3-81F2-440C-B0FE-FA99B0E86017}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"UDP Query User{BED37BAB-751F-48B3-9753-12BEB046DA07}E:\_games\swtor beta\star wars - the old republic\he600\retailclient\swtor.exe" = protocol=17 | dir=in | app=e:\_games\swtor beta\star wars - the old republic\he600\retailclient\swtor.exe |
"UDP Query User{BEE8E5AD-0255-4C2B-9ADD-72B6AD2F5386}E:\_games\swtor beta\star wars-the old republic\launcher.exe" = protocol=17 | dir=in | app=e:\_games\swtor beta\star wars-the old republic\launcher.exe |
"UDP Query User{C2C9410C-E56D-4370-86C1-469F0D7A102B}E:\_games\dragon age™ origins - ultimate edition\bin_ship\eacoreserver.exe" = protocol=17 | dir=in | app=e:\_games\dragon age™ origins - ultimate edition\bin_ship\eacoreserver.exe |
"UDP Query User{CB069F68-24B8-43D3-BEB8-85734A4CA4F5}C:\users\adam\appdata\local\temp\pyl7290.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\adam\appdata\local\temp\pyl7290.tmp\pyrun.exe |
"UDP Query User{CBE3C6EE-AFA5-42C1-B7D7-96E96F10B4B3}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe |
"UDP Query User{CFAD8CE7-5475-4508-9194-BABB6D2DAC4E}E:\_games\swtor beta\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=e:\_games\swtor beta\star wars - the old republic\launcher.exe |
"UDP Query User{D25E10B3-1CAA-44D4-8461-225D0F866120}C:\users\adam\appdata\local\temp\pylb154.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\adam\appdata\local\temp\pylb154.tmp\pyrun.exe |
"UDP Query User{D3E1FBC2-6B7F-4F4C-907B-C63D7DFDA90C}E:\dl internet\mtgoiii_helper.exe" = protocol=17 | dir=in | app=e:\dl internet\mtgoiii_helper.exe |
"UDP Query User{D59705FE-C65E-475C-B311-22F5256DB2F0}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{D95C5C43-98B9-4AE5-BC5F-30F9C4A42773}E:\portable\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\portable\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{E43FC52D-D4EB-4336-8E62-556349101337}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{E96E217B-D63E-42E5-8D9D-61CB7C2CA76A}M:\portable\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=m:\portable\xampp\mysql\bin\mysqld.exe |
"UDP Query User{E97C7F74-4A91-4C00-A221-6F3E8CCD98E5}F:\other\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=f:\other\openarena-0.8.1\openarena.exe |
"UDP Query User{EEC8584F-2FF1-4468-9100-E6CD2701EDC5}E:\_games\steam\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=e:\_games\steam\borderlands\binaries\borderlands.exe |
"UDP Query User{EF8CE368-339C-4A99-9419-EE79179F9F3D}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe |
"UDP Query User{F6A8245D-F617-419A-B9FF-CDFF4E727927}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{F7F5E647-5BB8-4EC4-BDDD-0C54FC712BCE}E:\portable\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\portable\xampp\xampp\apache\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{32939827-d8e5-470a-b126-870db3c69fd0}" = Python 2.7.1 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{36EAEAF0-CDC5-F32F-01D2-C7D01EF96472}" = AMD AVIVO64 Codecs
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java™ SE Development Kit 6 Update 22 (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CDDE4895-E348-4230-99E7-F2FA91131D2C}" = HP OfficeJet J4600 All-In-One Series
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"ComicRack" = ComicRack v0.9.151
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07309579-6D30-4769-A5D2-A8B0DCBDD59A}_is1" = Corsair K90 Firmware Update Application
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
"{469032A5-C6F3-CE61-67B1-F8820B747401}" = Application Profiles
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4B7IL77L-T4D4-75B1-97C5-18CD6E6334R1}_is1" = Warhammer 40k Space Marine version 1.0
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}" = HydraVision
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DC1DDAC3-510E-44b1-A969-529FFED5A619}" = J4600
"{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125
"{E58F4601-7C53-47D2-B34B-ADE943A8EDBE}" = D-Link Wireless N DWA-130
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E87D1F6D-954D-4BB4-B49D-D394EB460A09}_is1" = Corsair K90 Gaming Keyboard Driver V1.0
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F25B14A1-3863-41B6-9F8A-931DECA6D384}" = D-Link Wireless N DWA-130
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alice: Madness Returns_is1" = Alice: Madness Returns
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 4.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"Blend_3.0.1927.0" = Microsoft Expression Blend 3
"Capsule" = Capsule
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Diablo III" = Diablo III
"doubleTwist" = doubleTwist
"EA Installer.-1232786387" = EA Installer
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
"Fallout_is1" = Fallout
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HDTP" = Deus Ex - HDTP
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r3878" = PCSX2 - Playstation 2 Emulator
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"RealVNC_is1" = VNC Free Edition 4.1.3
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Steam App 102600" = Orcs Must Die!
"Steam App 105600" = Terraria
"Steam App 107310" = Cthulhu Saves the World
"Steam App 113200" = The Binding Of Isaac
"Steam App 12140" = Max Payne
"Steam App 17450" = Dragon Age: Origins
"Steam App 17460" = Mass Effect
"Steam App 18000" = On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 18020" = On the Rain-Slick Precipice of Darkness, Episode Two
"Steam App 18040" = DeathSpank
"Steam App 18700" = And Yet It Moves
"Steam App 200900" = Cave Story+
"Steam App 204030" = Fable - The Lost Chapters
"Steam App 20920" = The Witcher 2: Enhanced Edition
"Steam App 220" = Half-Life 2
"Steam App 22000" = World of Goo
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32500" = Star Wars: The Force Unleashed II
"Steam App 35460" = The Ball
"Steam App 35700" = Trine
"Steam App 3830" = Psychonauts
"Steam App 400" = Portal
"Steam App 41100" = Hammerfight
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 47730" = Dragon Age: Origins - Awakening
"Steam App 48700" = Mount and Blade: Warband
"Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
"Steam App 50130" = Mafia II
"Steam App 50620" = Darksiders
"Steam App 55230" = Saints Row: The Third
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6120" = Shank
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 67370" = The Darkness II
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 70300" = VVVVVV
"Steam App 71340" = Sonic Generations
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8980" = Borderlands
"Steam App 91310" = Dead Island
"Steam App 92300" = A.R.E.S.
"Steam App 93200" = Revenge of the Titans
"Steam App 94200" = Jamestown
"Steam App 98800" = Dungeons of Dredmor
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.5
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"winscp3_is1" = WinSCP 4.2.7
"Wubi" = Ubuntu

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/6/2012 6:52:24 PM | Computer Name = Deuce | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/8/2012 3:30:59 PM | Computer Name = Deuce | Source = Application Error | ID = 1000
Description = Faulting application name: DarksidersPC.exe, version: 1.0.0.1, time
stamp: 0x4c8f234d Faulting module name: d3d9.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b7b3 Exception code: 0xc0000005 Fault offset: 0x000295a7 Faulting process
id: 0x1534 Faulting application start time: 0x01cd45aa59cfbc70 Faulting application
path: c:\program files (x86)\steam\steamapps\common\darksiders\DarksidersPC.exe
Faulting
module path: C:\Windows\system32\d3d9.dll Report Id: 798735b2-b1a0-11e1-b951-20cf3066abc0

Error - 6/9/2012 6:50:17 PM | Computer Name = Deuce | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/10/2012 6:47:10 PM | Computer Name = Deuce | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/11/2012 4:28:23 PM | Computer Name = Deuce | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/11/2012 6:13:48 PM | Computer Name = Deuce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/12/2012 12:18:27 PM | Computer Name = Deuce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/12/2012 12:29:40 PM | Computer Name = Deuce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/12/2012 1:19:40 PM | Computer Name = Deuce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/16/2012 7:03:39 PM | Computer Name = Deuce | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 5/23/2012 11:48:09 PM | Computer Name = Deuce | Source = Service Control Manager | ID = 7031
Description = The WLAN AutoConfig service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 5/23/2012 11:48:09 PM | Computer Name = Deuce | Source = Service Control Manager | ID = 7031
Description = The Portable Device Enumerator Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 5/23/2012 11:48:09 PM | Computer Name = Deuce | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.

Error - 6/1/2012 12:44:44 PM | Computer Name = Deuce | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the AMD
External Events Utility service to connect.

Error - 6/1/2012 12:44:44 PM | Computer Name = Deuce | Source = Service Control Manager | ID = 7000
Description = The AMD External Events Utility service failed to start due to the
following error: %%1053

Error - 6/1/2012 12:46:10 PM | Computer Name = Deuce | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/7/2012 12:24:47 PM | Computer Name = Deuce | Source = DCOM | ID = 10010
Description =

Error - 6/9/2012 9:29:45 PM | Computer Name = Deuce | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/11/2012 1:27:58 AM | Computer Name = Deuce | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 172.16.1.65. The computer with the IP address 172.16.1.74 did not
allow the name to be claimed by this computer.

Error - 6/16/2012 7:05:46 PM | Computer Name = Deuce | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

ASWMBR.TXT


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 12:31:11
-----------------------------
12:31:11.478 OS Version: Windows x64 6.1.7601 Service Pack 1
12:31:11.479 Number of processors: 8 586 0x1A04
12:31:11.479 ComputerName: DEUCE UserName: Adam
12:31:11.706 Initialize success
12:31:15.712 AVAST engine defs: 12061700
12:31:20.134 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:31:20.137 Disk 0 Vendor: KINGSTON_SNV425S2128GB C091126a Size: 122104MB BusType: 3
12:31:20.139 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
12:31:20.142 Disk 1 Vendor: SAMSUNG_HD103UJ 1AA01117 Size: 953869MB BusType: 3
12:31:20.146 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP6T0L0-9
12:31:20.149 Disk 2 Vendor: WDC_WD10EADS-22M2B0 01.00A01 Size: 953869MB BusType: 3
12:31:20.153 Disk 0 MBR read successfully
12:31:20.157 Disk 0 MBR scan
12:31:20.163 Disk 0 unknown MBR code
12:31:20.168 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:31:20.173 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
12:31:20.179 Disk 0 scanning C:\Windows\system32\drivers
12:31:23.439 Service scanning
12:31:33.778 Modules scanning
12:31:33.789 Disk 0 trace - called modules:
12:31:33.797 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80054e42c0]<<spox.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:31:33.803 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006604790]
12:31:33.809 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80063cb060]
12:31:33.815 \Driver\atapi[0xfffffa800639e910] -> IRP_MJ_CREATE -> 0xfffffa80054e42c0
12:31:34.088 AVAST engine scan C:\Windows
12:31:34.824 AVAST engine scan C:\Windows\system32
12:33:29.736 AVAST engine scan C:\Windows\system32\drivers
12:33:33.270 AVAST engine scan C:\Users\Adam
12:36:44.978 AVAST engine scan C:\ProgramData
12:39:16.472 Scan finished successfully
12:39:21.876 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
12:39:21.880 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, that appears to be a false positive on AVG's part, as those series of files relate to Daemon Tools. Do you use that programme at all? It is a CD-ROM emulator.

If not, then do the following, followed by another AVG scan to confirm the removal.



Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV:64bit: - [2010/05/18 21:54:19 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    @Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\DAEMON Tools Lite

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN


Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

  • 0

#3
reverb360

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank you for the quick reply. You are correct, I have had Daemon Tools Lite installed on this system for over a year, but have not used it in a long time. I find it strange that it all of a sudden caused an issue in AVG, but whatever.

I uninstalled the program and then rebooted the PC. I ran AVG's scan and it was still detecting rootkits. I then ran your custom fix through OTL, after which my computer promptly blue-screened. I rebooted and ran an OTL quick scan, with the results below. I then downloaded DeFogger, ran the disable command and allowed it to reboot my computer. Upon startup I ran an AVG scan and it no longer detects any rootkits, so it appears that the issue has been resolved.

Are there any other steps I should take to close out the matter?

OTL.TXT

OTL logfile created on: 6/17/2012 3:30:38 PM - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Adam\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.77% Memory free
11.98 Gb Paging File | 9.66 Gb Available in Paging File | 80.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 22.48 Gb Free Space | 18.87% Space Free | Partition Type: NTFS
Drive E: | 882.61 Gb Total Space | 556.03 Gb Free Space | 63.00% Space Free | Partition Type: NTFS
Drive H: | 914.51 Gb Total Space | 333.44 Gb Free Space | 36.46% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 364.67 Gb Free Space | 39.15% Space Free | Partition Type: NTFS
Drive M: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: DEUCE | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/17 11:58:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
PRC - [2012/05/21 08:19:15 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/05/03 23:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/05/03 23:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/05/02 10:32:04 | 000,559,536 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/21 15:02:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/03 23:53:56 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/06 11:47:32 | 001,711,616 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\corsair\K90 Keyboard\K90Hid.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/14 19:59:52 | 000,199,680 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\corsair\K90 Keyboard\CorsTra.exe
PRC - [2011/08/01 21:56:47 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/30 17:59:56 | 000,957,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/12/09 22:12:50 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
PRC - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
PRC - [2008/08/15 15:47:04 | 001,679,360 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\DWA-130\AirNCFG.exe
PRC - [2008/07/09 08:58:42 | 000,143,360 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 11:05:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 11:05:29 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 07:59:01 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/14 07:58:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/14 07:58:46 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/06/14 07:58:40 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/06/14 07:58:39 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/05/21 08:19:15 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/05/21 08:19:15 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/05/21 08:19:15 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/05/21 08:19:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/05/21 08:19:15 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/05/12 16:24:22 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/05/12 16:22:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 16:19:19 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/05/10 12:17:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 12:17:39 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/10 11:52:44 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 11:50:24 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/05/10 11:50:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/05/10 11:50:19 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/05/10 11:50:17 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/05/10 11:50:13 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/05/06 11:41:12 | 000,115,137 | ---- | M] () -- C:\Users\Adam\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
MOD - [2012/05/03 23:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/31 15:17:15 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/07/19 21:33:25 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll
MOD - [2009/10/19 16:50:28 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\corsair\K90 Keyboard\hidGetKey.dll
MOD - [2008/07/10 11:50:34 | 000,262,144 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 20:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/12 20:44:18 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/12 15:03:27 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/21 08:19:15 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/21 15:02:25 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/26 16:29:22 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2008/07/09 08:58:42 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/05 23:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 19:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 03:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/02/24 03:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/02/23 06:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/06/21 10:38:24 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CORSGKB.sys -- (CORSGKB)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/01 20:33:51 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/01 20:33:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/16 09:23:14 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/04 16:12:04 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2010/10/21 15:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/30 03:43:38 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/07/07 18:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/05/25 00:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/18 21:54:19 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/06 03:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/11 02:54:46 | 000,676,864 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/09/15 12:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2008/09/04 16:37:46 | 000,484,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192u.sys -- (RTL8192U)
DRV:64bit: - [2007/07/23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/01/20 22:43:51 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/05/25 00:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 86 FB 32 11 0E CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.gamefaqs.com"
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 11:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 09:27:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/12 15:03:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 11:14:02 | 000,000,000 | ---D | M]

[2010/04/26 23:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2012/06/17 12:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions
[2010/04/26 23:35:34 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/11/13 02:33:58 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2012/05/17 13:19:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/05/21 19:29:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/13 02:33:55 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\[email protected]
[2010/04/26 23:34:44 | 000,000,000 | ---D | M] (Virtus Ask Search Plugin) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\[email protected]
[2010/11/13 02:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\[email protected]\chrome
[2010/11/13 02:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5wb1j8o9.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2012/06/12 15:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/29 11:20:36 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012/01/07 02:56:48 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5WB1J8O9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/17 12:30:26 | 000,117,336 | ---- | M] () (No name found) -- C:\USERS\ADAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5WB1J8O9.DEFAULT\EXTENSIONS\[email protected]
[2012/06/12 15:03:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/27 00:30:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/12 15:03:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/12 15:03:26 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.74_0\
CHR - Extension: WOT = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: AT_JamesWhite = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3\
CHR - Extension: YouTube = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\1.2.1_0\
CHR - Extension: Google Search = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
CHR - Extension: uTorrent for Google Chrome = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjhaafelbmbpohgmabippkndaaikgdih\2.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.13_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\3.4_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
CHR - Extension: goo.gl URL Shortener Lite = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnkfmkiefebamlmijhohmjaajilnlen\0.7.1_0\
CHR - Extension: Imgur the world = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\naicjelodgogagjjkgepdkjecopegkag\2.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Hover Zoom = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.4_0\
CHR - Extension: Gmail = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/09/06 17:12:33 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corsair laver] C:\Program Files (x86)\corsair\K90 Keyboard\K90Hid.exe (Corsair Components Inc)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files (x86)\D-Link\DWA-130\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyrid...pplets/sync.cab (SyncXfer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88A9D106-A08E-4B6E-97F3-BB7069D54AA8}: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA20B781-885E-49FB-8251-61613395D4E6}: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E542D66E-BA2D-4322-A450-932485A3F878}: DhcpNameServer = 172.16.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 12:20:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Adam\Desktop\aswMBR.exe
[2012/06/17 11:59:04 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2012/06/17 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes
[2012/06/17 11:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/17 11:24:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/17 11:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/13 16:34:48 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Macromedia
[2012/06/12 15:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/12 15:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/11 14:06:52 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Corsair Vengeance
[2012/06/11 14:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair
[2012/06/11 14:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\corsair
[2012/06/09 11:09:43 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\GSC
[2012/06/09 11:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GSC 2.00
[2012/06/08 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Darksiders
[2012/06/08 12:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/06/08 12:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012/05/29 11:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/28 13:27:51 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\MPlayer
[2012/05/28 13:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/05/28 13:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012/05/28 13:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 15:30:03 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2012/06/17 15:29:52 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 15:29:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 15:29:40 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 15:25:34 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 15:25:34 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 12:39:21 | 000,000,512 | ---- | M] () -- C:\Users\Adam\Desktop\MBR.dat
[2012/06/17 12:20:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Adam\Desktop\aswMBR.exe
[2012/06/17 12:17:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100687233-2500092821-2758916761-1000UA.job
[2012/06/17 12:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/17 12:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 11:58:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2012/06/17 11:56:25 | 000,002,748 | ---- | M] () -- C:\Users\Adam\Desktop\avgscan.csv
[2012/06/17 11:24:32 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 10:29:47 | 100,539,838 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/16 17:19:02 | 000,420,480 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/14 11:03:22 | 000,444,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 07:58:09 | 000,884,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 07:58:09 | 000,725,592 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 07:58:09 | 000,145,610 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/12 11:19:49 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/06/12 11:19:49 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/12 11:19:37 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/06/12 10:17:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3100687233-2500092821-2758916761-1000Core.job
[2012/06/11 14:06:57 | 000,033,525 | ---- | M] () -- C:\Windows\unins001.dat
[2012/06/11 14:06:47 | 001,174,097 | ---- | M] () -- C:\Windows\unins001.exe
[2012/06/11 14:02:46 | 000,008,119 | ---- | M] () -- C:\Windows\unins000.dat
[2012/06/11 14:02:28 | 001,180,753 | ---- | M] () -- C:\Windows\unins000.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/17 12:39:21 | 000,000,512 | ---- | C] () -- C:\Users\Adam\Desktop\MBR.dat
[2012/06/17 11:56:25 | 000,002,748 | ---- | C] () -- C:\Users\Adam\Desktop\avgscan.csv
[2012/06/17 11:24:32 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 14:06:52 | 001,174,097 | ---- | C] () -- C:\Windows\unins001.exe
[2012/06/11 14:06:52 | 000,033,525 | ---- | C] () -- C:\Windows\unins001.dat
[2012/06/11 14:02:33 | 001,180,753 | ---- | C] () -- C:\Windows\unins000.exe
[2012/06/11 14:02:33 | 000,025,600 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\CORSGKB.sys
[2012/06/11 14:02:33 | 000,008,119 | ---- | C] () -- C:\Windows\unins000.dat
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 20:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 20:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/30 22:59:31 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\{0A739897-4318-4EC5-A226-978C2BA27DC2}
[2012/01/07 13:15:28 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\{97F8B0C3-DE76-490C-98F3-FA558CF7C848}
[2011/12/24 23:14:37 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\{6BD9E74F-7880-4DFD-A446-AE7A8087D691}
[2011/12/07 11:23:11 | 000,000,000 | ---- | C] () -- C:\Users\Adam\AppData\Local\{7EE76EB2-0CD4-449A-AA3D-35A90D2ED46D}
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/26 00:54:39 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/12 13:18:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/10/13 21:24:06 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/11 12:43:11 | 000,864,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/11 20:32:18 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/07/19 21:34:32 | 000,003,284 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\ANIWZCS{88A9D106-A08E-4B6E-97F3-BB7069D54AA8}
[2010/07/19 21:33:05 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2010/07/02 17:55:57 | 000,003,584 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/09/10 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\.minecraft
[2011/10/13 10:17:08 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\AVG2012
[2010/05/02 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\AVG9
[2012/01/28 15:24:12 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\BigHugeEngine
[2011/12/24 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Broken Rules
[2010/10/28 22:29:54 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Certblaster
[2012/05/02 10:03:08 | 000,000,000 | -HSD | M] -- C:\Users\Adam\AppData\Roaming\Common
[2012/06/11 14:06:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Corsair Vengeance
[2012/01/22 14:11:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\cYo
[2010/05/18 22:02:13 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DAEMON Tools Lite
[2012/04/16 14:06:33 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DarknessII
[2012/05/27 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DisplayFusion
[2011/07/01 03:59:23 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Dropbox
[2010/08/14 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0
[2010/12/24 00:56:48 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Hothead Games
[2010/11/21 12:06:09 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MotioninJoy
[2011/04/29 00:27:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mount&Blade Warband
[2010/08/11 03:47:10 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\NationRed
[2010/05/19 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Notepad++
[2010/05/10 22:27:37 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenArena
[2011/05/31 15:18:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenOffice.org
[2011/10/21 12:37:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Origin
[2011/01/25 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\RIFT
[2010/08/04 12:12:07 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\runic games
[2012/05/07 10:04:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Samsung
[2010/08/10 03:18:55 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SEGA Corporation
[2010/12/04 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SQL Developer
[2010/12/04 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Subversion
[2010/07/16 13:26:56 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SystemRequirementsLab
[2012/06/17 11:11:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\uTorrent
[2010/04/29 00:11:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Wizards of the Coast
[2012/05/10 21:26:59 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you are not experiencing any problems, then run OTL and press the cleanup button to remove it.

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.