Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware infected? Hidden objects, please help don't know what to d

Started by Joiklu , Jun 13 2012 10:50 AM

  • Please log in to reply

#1
Joiklu
Posted 13 June 2012 - 10:50 AM

Joiklu

    New Member

  • Member
  • Pip
  • 1 posts
Hello!

My AVG detected 7 hidden objetcs today, which I can't remove and i've tried three times. The four last letters infront off .sys only changes and the 7 objects are still there when I reboot.

I dont know much about computers and im afraid to be jack by any passwords etc for my bankaccounts and so on, please help me remove them, i would be really happy for any help given!

OTL copy;
OTL logfile created on: 2012-06-13 18:38:04 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Mathias\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,99 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 59,59% Memory free
7,98 Gb Paging File | 6,03 Gb Available in Paging File | 75,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 27,39 Gb Free Space | 35,10% Space Free | Partition Type: NTFS
Drive D: | 853,39 Gb Total Space | 716,43 Gb Free Space | 83,95% Space Free | Partition Type: NTFS

Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-13 18:31:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Downloads\OTL.exe
PRC - [2012-06-11 10:48:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-06-09 11:22:11 | 000,932,528 | ---- | M] () -- D:\Downloads\Data\SpotifyWebHelper.exe
PRC - [2012-04-30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2012-04-13 17:40:14 | 004,361,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgui.exe
PRC - [2012-04-06 21:16:26 | 000,867,080 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-06-09 00:47:37 | 001,087,384 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2010-04-23 16:20:36 | 001,670,144 | ---- | M] (ESRI) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2008-11-06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
PRC - [2008-06-26 19:09:36 | 000,167,936 | ---- | M] () -- D:\WlanWpsSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012-06-11 10:48:57 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-06-09 11:22:11 | 000,932,528 | ---- | M] () -- D:\Downloads\Data\SpotifyWebHelper.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-04-20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-06-11 10:48:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-06-05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-04-30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012-04-06 21:16:26 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-12-14 17:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-11-06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
SRV - [2008-06-26 19:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- D:\WlanWpsSvc.exe -- (WlanWpsSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-04-19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012-03-19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012-01-31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-12-23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-12-23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011-12-23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011-04-20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-04-20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-01-05 03:28:01 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-06-23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-08-20 11:00:10 | 000,664,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005-03-29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://se.woofi.info
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://se.woofi.info
IE - HKLM\..\SearchScopes,DefaultScope = {2B857B91-9077-4DCF-A5D4-36294D6D6D16}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2B857B91-9077-4DCF-A5D4-36294D6D6D16}: "URL" = http://se.woofi.info

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://se.woofi.info
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 AD 16 E0 B4 AC CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {380008A7-13AF-428E-B605-79654A5433AA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2B857B91-9077-4DCF-A5D4-36294D6D6D16}: "URL" = http://se.woofi.info
IE - HKCU\..\SearchScopes\{380008A7-13AF-428E-B605-79654A5433AA}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "http://se.woofi.info"
FF - prefs.js..browser.search.selectedEngine: "http://se.woofi.info"
FF - prefs.js..browser.startup.homepage: "http://www.google.se/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..keyword.URL: "http://se.woofi.info"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012-05-29 18:27:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012-05-18 20:39:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-06-11 10:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-04-11 17:32:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-06-11 10:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-04-11 17:32:02 | 000,000,000 | ---D | M]

[2011-03-01 14:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2012-05-07 15:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\xs7smtdo.default\extensions
[2012-03-14 12:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012-06-11 10:48:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-03-01 12:34:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012-03-11 12:00:22 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2012-03-11 12:00:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-03-11 12:00:22 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2012-03-11 12:00:22 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2012-03-11 12:00:22 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2012-03-11 12:00:22 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] D:\Downloads\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7319C401-B33B-4F14-A940-BFDCEBDFF2F4}: DhcpNameServer = 193.150.193.150 83.255.245.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBE204BA-1261-44ED-BE12-86A5CA3F7A69}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01da4f5b-286f-11e0-b857-20cf30702222}\Shell - "" = AutoRun
O33 - MountPoints2\{01da4f5b-286f-11e0-b857-20cf30702222}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{2beb50db-186b-11e0-a89c-20cf30702222}\Shell - "" = AutoRun
O33 - MountPoints2\{2beb50db-186b-11e0-a89c-20cf30702222}\Shell\AutoRun\command - "" = F:\FrameworkCheck.exe
O33 - MountPoints2\{86417c70-5143-11e0-86b9-20cf30702222}\Shell - "" = AutoRun
O33 - MountPoints2\{86417c70-5143-11e0-86b9-20cf30702222}\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-13 13:42:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-06-12 20:22:28 | 000,000,000 | ---D | C] -- C:\Windows\pcidevice
[2012-06-12 20:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
[2012-06-12 20:21:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\InstallShield
[2012-05-29 18:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-05-29 18:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III

========== Files - Modified Within 30 Days ==========

[2012-06-13 18:30:46 | 000,098,126 | ---- | M] () -- C:\Users\Mathias\Desktop\sdsd.png
[2012-06-13 16:45:55 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-13 16:45:55 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-13 16:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-13 16:40:51 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-13 14:03:31 | 001,466,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-06-13 14:03:31 | 000,625,722 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012-06-13 14:03:31 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-06-13 14:03:31 | 000,123,890 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012-06-13 14:03:31 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-06-13 13:59:13 | 000,466,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-06-13 13:33:31 | 100,275,833 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-06-12 20:22:28 | 000,000,279 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012-05-22 17:18:39 | 000,363,495 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2012-06-13 18:30:46 | 000,098,126 | ---- | C] () -- C:\Users\Mathias\Desktop\sdsd.png
[2012-06-12 20:22:28 | 000,000,279 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012-03-23 20:14:01 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011-05-05 16:23:58 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011-05-05 16:23:58 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011-05-05 16:23:58 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011-05-05 15:50:21 | 000,030,645 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011-03-17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-01-06 17:23:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-01-05 10:23:13 | 002,582,016 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011-01-05 10:23:13 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-01-05 10:23:13 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-01-05 10:23:13 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-01-05 10:23:13 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011-01-05 10:23:13 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-01-05 10:23:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-01-04 23:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011-10-19 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\AVG2012
[2011-06-04 00:12:03 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DAEMON Tools Lite
[2012-04-06 21:58:55 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ESRI
[2011-07-28 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Garmin
[2011-05-25 18:21:21 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\LolClient
[2011-03-03 21:04:26 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Mumble
[2011-06-09 00:47:40 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Personal
[2012-06-12 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Spotify
[2012-05-28 11:25:32 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extas?
OTL Extras logfile created on: 2012-06-13 18:38:04 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Mathias\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,99 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 59,59% Memory free
7,98 Gb Paging File | 6,03 Gb Available in Paging File | 75,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 27,39 Gb Free Space | 35,10% Space Free | Partition Type: NTFS
Drive D: | 853,39 Gb Total Space | 716,43 Gb Free Space | 83,95% Space Free | Partition Type: NTFS

Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Downloads\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Downloads\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Downloads\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Downloads\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013FB1E6-9084-450E-9C7A-982BC0CDDABD}" = lport=445 | protocol=6 | dir=in | app=system |
"{15AEE910-8888-4188-BB57-CBE327DA06D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{172868BC-0A9E-4ADD-8634-162C1C03532E}" = rport=137 | protocol=17 | dir=out | app=system |
"{18BC8B00-124D-4003-BFDD-C2EDFC0A7BF0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2AECEFB1-75A6-408F-81DE-4754ACCFDE71}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D5C605E-73B1-4C52-B75F-4139C5DB9283}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39AADD56-1E67-41AC-9BE6-30D2AD8F0528}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AC71890-219D-4018-BA86-EFC00562FF2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{434338F0-3F00-43F6-AEB3-8CEA797ADEB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46D27E0D-8E57-4A57-AB6E-38555DC48CC6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51541675-5EDF-4DDE-B004-A36C71FB7825}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BC7628C-2B11-494B-863F-7405B5A172F3}" = lport=137 | protocol=17 | dir=in | app=system |
"{6EAE949A-32B2-4E59-95E1-B7DBF9FFF3C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{8D233134-DB2A-471E-AF02-7BA99FA5F922}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9487135D-7EC3-415F-BF35-598A4D873249}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99940F42-647A-4CB4-B8CD-58A3639BE654}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D96CEA3-3DAD-421D-8388-B5704EA35595}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ADEEB2A9-B089-4AC3-91E7-A1053A65404E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B0BF4E9A-4C51-4ECF-8A1F-AB988B979BBC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B57D554F-DC8B-40F5-9F39-A23BDB993396}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD80A4D9-8AB9-4A1E-8584-95B043103C9A}" = lport=139 | protocol=6 | dir=in | app=system |
"{CF54A4F2-21FC-468A-AEC9-8D20100D12E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0401742-54EB-4A77-8362-82F82C5B7957}" = rport=138 | protocol=17 | dir=out | app=system |
"{E71F218E-B278-4EBC-85C6-8107C195E2DA}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0185C03B-E499-43FA-8696-9A6EC7E3B01D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{0B2E3818-F55F-486B-974B-246A1597C2FA}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{0C875D64-66B5-4817-9059-1ACB3839159B}" = protocol=6 | dir=in | app=d:\spel\unreal.tournament.3-avenged\binaries\ut3.exe |
"{0F1B8554-370C-4BB7-94D3-6807588F9648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15CAF064-4FC8-4BC3-BDD9-E22C1FCE98D5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{191A29DB-B722-441C-9310-0226E3BE415A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{22E70922-68A5-4A93-8CA8-EAD1EF72A539}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2306189D-A1EF-432B-9DF6-93385D31EA9A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{243F2685-E52D-4AEC-AF5D-22626F1F039B}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{244DD986-F4E7-4C72-A0E9-6E8202AABAFA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{26907144-3BC5-457D-B38D-4FDA7E2534C1}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{28F46179-1269-4574-AC96-97328EE20D31}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{2E0495CA-9030-4A0A-ACF4-B3A687715570}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2ED39B00-5C61-468C-BC24-27171B4A8E22}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{331B5A4F-3E08-4C38-AB1F-3134300C9115}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{37656878-7682-486C-8123-2CE8358D060F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{3967EC4C-8E52-40F2-946A-18EAA1119CA8}" = protocol=58 | dir=out | [email protected],-28546 |
"{3967FA00-E2C7-460C-A343-D546849F0DFD}" = protocol=17 | dir=in | app=d:\spel\unreal.tournament.3-avenged\binaries\ut3.exe |
"{3CF27A01-37A4-4875-A54C-66577545A105}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{49FB46C8-DA35-4585-A0AE-D0131F256705}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F9CAD5E-1EC4-4A9E-8DD1-A67D5D4E9CF0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{53A15760-AB82-4BEA-9C00-7131492A7745}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{562362A1-2038-40CE-BF5D-CFE0D09EB0E6}" = protocol=1 | dir=out | [email protected],-28544 |
"{582A2EE4-1E71-4249-89D2-27FEC4C84DD7}" = dir=in | app=c:\program files (x86)\skype2\phone\skype.exe |
"{67F01702-E125-4F17-9B5C-343F71514CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{68E31133-D60B-437B-94E1-AE71548A7364}" = protocol=6 | dir=in | app=d:\spel\world of warcraft\launcher.patch.exe |
"{6A341185-BF35-487B-BC30-9FD3C7560648}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{742EC0A1-D5BC-4C90-BEF4-7A93D65F30F1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{77F4695E-493C-4BDA-8A65-A8CAE9BD354B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A6991CE-8D99-4E9B-A9B2-BEE851F4D92E}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{7B99EF8C-205B-4906-BFB0-D58567594C2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84ABA833-0DAF-4660-8AA8-0D3D92DA0770}" = protocol=17 | dir=in | app=d:\spel\world of warcraft\launcher.patch.exe |
"{8A244BFA-F4D8-4C61-BF75-1ED2E95BE022}" = protocol=58 | dir=in | [email protected],-28545 |
"{9B08D3B9-53EC-4027-BE41-580B52ACB44D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{9D082EC7-11D1-455D-B8FB-FEE331F5E0C0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{9DD6D729-A1A1-4E50-AFEC-5F7C8F2434A9}" = protocol=17 | dir=in | app=d:\spel\world of warcraft\launcher.exe |
"{A11BE438-1084-496B-9B87-B605C3A7B17F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7CD413E-A290-4480-BE06-49F569714AC9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{A943B9C7-C105-453A-B245-112F35D06F65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACF5A912-91A0-4D42-99EB-FA79225E974E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{AD42A97F-909F-449F-8A20-C8E637517B65}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF3DF3BF-4527-4DF2-9961-D12E8C439D01}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B8AF9DEA-F16B-4CA8-8566-390FB3FA7B31}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{BA3F0BF3-E5AB-4F02-92A8-105C86648405}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BC4D0B10-C4FB-439A-B2CC-A99C2FB3D969}" = protocol=6 | dir=out | app=system |
"{BD35295D-4BC0-4764-A921-41407A121D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{C3BE6B6A-1B76-41CD-BE58-5580E0424C22}" = protocol=6 | dir=in | app=d:\spel\world of warcraft\launcher.exe |
"{C788BF13-26B3-4CBF-8B97-81C6D961B069}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{CD4DAE5B-641F-43BA-872B-544D9F36371F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D17AAFE6-57F0-4151-B2A9-758F48AE880E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D4A1A7DE-EBEE-4719-B71A-8D66505D02DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{D55E70CF-DAE6-44E5-867A-952646196674}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DF2644D6-0DC8-4973-B875-14EE19BF8628}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E49EA32F-6E33-4202-8A02-2AFFC76CC7DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5504C3F-BEC8-494A-9658-21F71B0C38B9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E749B9A8-5046-4018-AA98-15EB7440A060}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{EC09A2CC-76B6-4150-A3C8-4106E767D927}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF3D8EDC-03A2-414D-95B7-07A68C80E9E5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{F0F6014F-947A-4071-982F-1CF9516BC993}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F179BBE4-6483-4FA9-9F61-4A9C5F050490}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F8C53EBF-36D6-4ACD-A8E6-E40272D0DBB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FAF436EF-F141-4A86-B670-69E99DF62E4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFD674C9-25BE-4D99-9C8A-0F63A4C06060}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{020379F2-EB63-4FB5-9C5C-BDF07303B857}D:\spel\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spel\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{07D0AC40-0C51-4B53-A20B-BAD3310A6D93}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{0DF0B568-5C10-4212-9AE6-4B8F5D4C923E}D:\spel\unreal.tournament.3-avenged\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\spel\unreal.tournament.3-avenged\binaries\ut3.exe |
"TCP Query User{1F8875A1-C297-4C46-95E2-ACE056CD2B10}D:\spel\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\spel\world of warcraft\blizzard downloader.exe |
"TCP Query User{2403BA0A-7A4C-46B3-B1A8-444AD90FD862}D:\spel\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=d:\spel\heroes of newerth\hon.exe |
"TCP Query User{35C84278-BEFC-435B-8EB7-9983AA4A8A30}D:\spel\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=d:\spel\heroes of newerth\hon.exe |
"TCP Query User{43054910-466B-4DE6-8016-FBD549A98611}D:\spel\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spel\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{4D3415CF-579A-4D42-8A77-170CFBEDB618}D:\spel\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spel\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{57510647-B410-473B-A08F-DD5ACA7D6DAA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{5FB03C76-7263-4C8A-B110-BB8E81D29AF8}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{652674AE-F57D-4288-A168-A806F63FF6AB}D:\spel\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\spel\world of warcraft\backgrounddownloader.exe |
"TCP Query User{7E4E676A-5B31-4DF0-8AAF-EB858B0D0B5D}D:\downloads\utorrent.exe" = protocol=6 | dir=in | app=d:\downloads\utorrent.exe |
"TCP Query User{7F0315D5-27E9-4987-8565-B6C71BE77E1F}D:\spel\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\spel\diablo iii\diablo iii.exe |
"TCP Query User{87851448-E412-4A2D-8447-A0ED911E420F}D:\downloads\spotify.exe" = protocol=6 | dir=in | app=d:\downloads\spotify.exe |
"TCP Query User{BBBA8E2D-6569-49A7-B679-4D40129BA84A}D:\spel\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spel\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{CB8B4CB6-3F64-4297-9B4D-349447EF2139}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{E9573692-5DAD-42EC-AE99-F82C638C374B}D:\spel\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spel\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{0422AC66-1484-4A6C-BF9A-31CE8A76EB9B}D:\spel\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\spel\world of warcraft\blizzard downloader.exe |
"UDP Query User{13FC6E4C-8DA4-4935-90B0-D062D187F108}D:\spel\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spel\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{24C36CF1-0B28-4668-B117-B25193A0DA66}D:\downloads\spotify.exe" = protocol=17 | dir=in | app=d:\downloads\spotify.exe |
"UDP Query User{3231DDBA-73FB-4509-A5CE-EDDFEDDFA950}D:\spel\unreal.tournament.3-avenged\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\spel\unreal.tournament.3-avenged\binaries\ut3.exe |
"UDP Query User{3E64A6F4-7AA8-496B-9082-C9C640EA9E3D}D:\spel\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\spel\world of warcraft\backgrounddownloader.exe |
"UDP Query User{41346CB1-2440-4873-A3F9-AF9A6832AC18}D:\downloads\utorrent.exe" = protocol=17 | dir=in | app=d:\downloads\utorrent.exe |
"UDP Query User{5A5A2F88-C06A-48AA-A049-4F3F0A886A7F}D:\spel\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spel\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{5A753E57-C99C-4DE0-A345-9DDBFE60435F}D:\spel\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=d:\spel\heroes of newerth\hon.exe |
"UDP Query User{6E2E42BC-CC93-4AD7-B484-EC58302ACE75}D:\spel\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=d:\spel\heroes of newerth\hon.exe |
"UDP Query User{70D5A8D2-3104-4F0A-ADF1-D94705C7AD7F}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{8030FE78-1FE2-4DC5-8757-13A87946F123}D:\spel\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spel\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{90E6FBF1-3806-41B1-936B-97E84D5AB299}D:\spel\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spel\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{911CA249-7E27-4D3D-B1CE-11B6C748CFBC}D:\spel\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\spel\diablo iii\diablo iii.exe |
"UDP Query User{A21626E9-823C-427D-843E-77CF22774FDD}D:\spel\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spel\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{E04A3018-DC2A-40C1-9E35-493547E8177C}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{E5622CAE-31E8-45E3-86E2-0C61596D9652}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{73BA9A8F-6B40-BF79-541E-464156FBA764}" = ccc-utility64
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2007
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DE1B48FB-0EA4-6E6F-5335-9095994CB7EB}" = WMV9/VC-1 Video Playback
"{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.00 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}" = ArcGIS License Manager 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6331C6C0-3754-E910-7113-5013355C8E47}" = CCC Help English
"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2007
"{90120000-0015-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007
"{90120000-0016-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007
"{90120000-0018-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2007
"{90120000-0019-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2007
"{90120000-001A-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007
"{90120000-001B-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
"{90120000-001F-040B-0000-0000000FF1CE}_ENTERPRISE_{C3B4672B-3FE7-4D6F-AFF3-80D290C1131E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
"{90120000-001F-041D-0000-0000000FF1CE}_ENTERPRISE_{4A960AFC-E28F-4233-953F-1903BE859B79}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041D-1000-0000000FF1CE}_ENTERPRISE_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-041D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Swedish) 2007
"{90120000-0044-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007
"{90120000-006E-041D-0000-0000000FF1CE}_ENTERPRISE_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007
"{90120000-00A1-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-041D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Swedish) 2007
"{90120000-00BA-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95C3927C-C899-C5D8-0EA7-67895FC979B2}" = ccc-core-static
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Svenska
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9198056-A296-4583-A790-C0E73694CFE8}" = D-Link DWA-131 Wireless N Nano USB Adapter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E394CC6D-9F54-41CC-9415-6FFF07885881}" = Garmin WebUpdater
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED4B50B7-C06B-57FE-7985-AA83DDBEEEF5}" = Catalyst Control Center Graphics Previews Common
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"7-Zip" = 7-Zip 9.20
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"ArcGIS License Manager 10" = ArcGIS License Manager 10
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"hon" = Heroes of Newerth
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.7.0
"Mozilla Firefox 13.0 (x86 sv-SE)" = Mozilla Firefox 13.0 (x86 sv-SE)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"Personal" = BankID säkerhetsprogram 4.18
"Spotify" = Spotify
"WinLiveSuite" = Windows Live Essentials
"VLC media player" = VLC media player 1.1.11
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-06-13 07:54:21 | Computer Name = Mathias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file. .

Error - 2012-06-13 07:54:22 | Computer Name = Mathias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file. .

Error - 2012-06-13 07:54:23 | Computer Name = Mathias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file. .

Error - 2012-06-13 07:54:33 | Computer Name = Mathias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file. .

Error - 2012-06-13 07:55:06 | Computer Name = Mathias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file. .

Error - 2012-06-13 07:55:23 | Computer Name = Mathias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file. .

Error - 2012-06-13 07:55:24 | Computer Name = Mathias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file. .

Error - 2012-06-13 07:55:25 | Computer Name = Mathias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file. .

Error - 2012-06-13 07:55:33 | Computer Name = Mathias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download....throotstl.cab>.
Fel: A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file. .

Error - 2012-06-13 11:21:49 | Computer Name = Mathias-PC | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: wirelesscm.exe, version 4.29.123.0,
tidsstämpel 0x4aa8b9e2 , felet uppstod i modulen med namn: unknown, version 0.0.0.0,
tidsstämpel 0x00000000 Undantagskod: 0xc0000005 Felförskjutning: 0x00000000 Process-ID:
0xdd0 Programmets starttid: 0x01cd49728e5e6bec Sökväg till program: D:\wirelesscm.exe
Sökväg
till modul: unknown Rapport-ID: 7e9a661f-b56b-11e1-a854-20cf30702222

[ System Events ]
Error - 2012-06-11 18:41:33 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-11 20:17:30 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-12 15:05:43 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-12 16:13:24 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-12 20:17:09 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-13 07:57:34 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-13 09:39:23 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-13 10:20:02 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-13 10:28:23 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-13 10:39:58 | Computer Name = Mathias-PC | Source = DCOM | ID = 10010
Description =


< End of report >



I've attached a print screen on AVG.sdsd.png
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP