A Rootkit problem


  • This topic is locked
12 replies to this topic

#1 Boomington

  • Members
  • 6 posts

Posted 06 June 2012 - 04:01 PM

I have Windows 7. I use AVG Internet Security 2012 as my anti-virus and it detected that I have a rootkit on my computer. I clicked the remove selected button on it and AVG said, "Threat can not be removed by standard user rights. Do you want to remove threat as power user?" and when I click yes it says that, "infection removal requires a computer restart. Would you like to restart your computer now?" When it was done restarting the rootkit was still there when I went back to scan again. I tried to run DDS but it would not work and when I finished my scan with GMER and tried to save the log, notifications would pop up that AVG and Windows Defender became disabled and my computer would remain loading for a bit not letting me click anything until it eventually blue screened.
The BSOD said that the video memory manager has encountered an unexpected fatal error and the technical information was, *** STOP: 0x0000010E (0x0000000B, 0xD3D7A8D0, 0xC0000017, 0x00000000)

Attached is the report that AVG gave me about the rootkit it detects. Any information on what to do next would be appreciated.

Attached File  AVG Report.jpg   46.54KB   7 downloads

Edited by Boomington, 06 June 2012 - 04:02 PM.



#2 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 09 June 2012 - 10:03 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 Boomington

  • Topic Starter
  • Members
  • 6 posts

Posted 10 June 2012 - 12:55 PM

OTL logfile created on: 6/10/2012 1:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Brody\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 67.99% Memory free
5.50 Gb Paging File | 4.30 Gb Available in Paging File | 78.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 287.89 Gb Free Space | 41.21% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 698.52 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: BRODY-PC | User Name: Brody | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/10 13:34:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brody\Downloads\OTL.exe
PRC - [2012/06/09 19:31:20 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/09 19:31:18 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/06/07 12:50:37 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/06/07 12:49:45 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/04 10:26:08 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2007/08/23 16:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/09 19:31:21 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/09 19:31:18 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/06/07 12:50:33 | 020,313,384 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/06/07 12:50:29 | 000,895,312 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/06/07 12:50:27 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/06/07 12:50:27 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/06/07 12:50:25 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2012/06/09 19:31:20 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/06/07 12:50:37 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/09 23:16:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/10/04 10:26:08 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/23 16:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 16:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2012/06/10 07:59:45 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/05/31 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 04:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/16 04:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120609.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 04:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120609.016\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/17 18:22:24 | 000,286,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20120605.001\IDSvix86.sys -- (IDSvix86)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/12/30 03:01:08 | 000,309,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/12/10 13:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/12/10 13:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/11/28 10:30:17 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/04 11:24:49 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/04/08 02:58:30 | 000,101,904 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2008/11/03 22:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mydtzone.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={16EC476B-6531-4F2A-8447-BFD11DC6FA8C}&mid=7e119bf89c8147d1b22fd16d5b91c6ad-ab89a250c885b233c0726e9af8f95b8bd8da5765&lang=en&ds=AVG&pr=fr&d=2012-06-09 19:31:23&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2790392&SearchSource=13"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brody\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brody\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brody\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/09 18:07:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/29 15:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/10 17:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/09 19:31:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 17:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 15:12:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/09 18:07:57 | 000,000,000 | ---D | M]

[2011/07/09 18:42:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brody\AppData\Roaming\Mozilla\Extensions
[2011/12/19 15:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brody\AppData\Roaming\Mozilla\Firefox\Profiles\avp2eqvn.default\extensions
[2011/07/09 18:42:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brody\AppData\Roaming\Mozilla\Firefox\Profiles\avp2eqvn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/09 18:42:28 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Brody\AppData\Roaming\Mozilla\Firefox\Profiles\avp2eqvn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/07/09 18:42:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Brody\AppData\Roaming\Mozilla\Firefox\Profiles\avp2eqvn.default\extensions\engine@conduit.com
[2011/07/09 18:42:27 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\Brody\AppData\Roaming\Mozilla\Firefox\Profiles\avp2eqvn.default\extensions\runtime@panda3d.org
[2010/11/28 09:55:40 | 000,000,863 | ---- | M] () -- C:\Users\Brody\AppData\Roaming\Mozilla\Firefox\Profiles\avp2eqvn.default\searchplugins\conduit.xml
[2012/03/20 14:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/09 18:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/15 17:30:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/20 14:28:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/07/09 18:07:57 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2012/05/10 18:00:28 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9\
[2012/06/09 19:31:29 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7\
[2012/03/20 14:28:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/09 19:31:15 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Brody\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brody\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brody\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brody\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Brody\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Brody\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Brody\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Brody\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Brody\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\Brody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Brody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk File not found
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11080EC0-BD95-4BA2-B9D6-1AB8803FE561}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8762EF2D-1328-4408-A1AA-0E19736F18DB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Brody\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brody\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 08:00:54 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{2DCDFC4C-751D-424F-9DD6-E6FE58869A7D}
[2012/06/10 08:00:42 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{9D1BBB6D-C300-4D08-A866-487485CA57A1}
[2012/06/09 19:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/06/09 07:15:24 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{D3B6B805-BEA2-4D8D-908F-1E283AC326DF}
[2012/06/09 07:15:11 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{29C98777-E855-4658-B838-5C42E293DFA8}
[2012/06/07 12:51:25 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{9D4CEA42-7AD3-4D07-AE25-37E64E6DF14B}
[2012/06/06 20:37:09 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{5930B470-F49B-4DD8-B637-8EE96FB3022C}
[2012/06/06 20:36:58 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{C981D51C-A37A-48D1-881E-212B04FCDEB2}
[2012/06/06 16:23:37 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{49735FA0-CAD1-4AFD-A3F7-BA4838C423D0}
[2012/06/06 16:23:20 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{5ED1E4A2-B6B3-46BF-9386-D15513162A45}
[2012/06/06 12:43:57 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{56499FF6-E74E-4C6E-AB50-26C9BA78D20A}
[2012/06/06 12:43:38 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{CECCD316-9AB9-4773-A3DC-5DED2733138F}
[2012/06/03 22:34:05 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{C81A23FD-883E-42A8-BA68-8A1B37C5920A}
[2012/06/03 22:24:07 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{1D402B38-2B70-4150-BAD9-51D08E882E4A}
[2012/06/03 22:23:53 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{16AE4720-F74F-4DE6-A0DB-9288D819CEDF}
[2012/06/03 18:20:27 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{0189D15D-FAEE-4238-8A96-722F0D6BA8E6}
[2012/06/03 11:10:15 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{F80CE75E-996A-47A6-9594-FA1FF17488A4}
[2012/06/03 11:09:58 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{A1401BB9-6A67-4A6D-B8C7-BFD2C7EA82CE}
[2012/06/03 08:23:26 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{4F4B47B0-BD8B-4F97-A317-5AEF5D0B1CEF}
[2012/06/02 20:34:49 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{E7897CF5-C047-48C5-A11B-2DB682816886}
[2012/06/02 20:34:28 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{F1BF69A8-FFBC-4E2C-960A-ECF8BA50B69A}
[2012/06/02 09:25:40 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{9B5B1758-2516-4236-8F48-C85B13CA30B6}
[2012/06/02 09:25:18 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{E2434653-9D6D-4C41-9221-2C8DB25ABF58}
[2012/06/02 08:57:40 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{CB8D324F-927B-4B08-B9DC-26FC684A2DF0}
[2012/06/02 08:57:19 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{715B2744-913F-4272-83EB-CD3BFCC7A9CE}
[2012/06/02 08:50:37 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{3800660F-FEC4-4A48-82BB-1957FF1A9C33}
[2012/06/02 08:50:04 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{8B4BAAAE-D510-4C3E-A953-0CF6F95F936F}
[2012/06/01 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{9D4446F5-3F9F-4BA4-8089-39125992E539}
[2012/06/01 16:22:37 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{223B9326-199F-452F-81AD-BA4F8B58D3EA}
[2012/06/01 15:18:38 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{14941DDA-B9C3-42D0-8BCB-8ACFFB0C3FE0}
[2012/06/01 15:18:01 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{EADF8906-46C4-4AD2-BC0E-945D9806DC0F}
[2012/05/31 15:02:06 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{E3AACCBC-DD6B-4252-A632-EB0E65334BB8}
[2012/05/31 15:01:50 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{DFFD26E9-F686-461F-B4A8-DCFFE859F6F1}
[2012/05/30 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{E3629471-31BE-451F-B90D-28BC81F6F85E}
[2012/05/30 14:49:40 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{9EDBCC6F-D2B6-449D-AD65-3A53DF348BA5}
[2012/05/29 16:11:56 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{69FE6E07-A659-4FF1-9A5B-8003C5CA7DD7}
[2012/05/29 16:11:35 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{43FAC569-A317-4E35-8AA8-F5A6DADC0632}
[2012/05/29 15:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/29 14:59:32 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{6EEC442E-93F2-4F7B-9F7B-39AA4E4E5113}
[2012/05/29 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{5C674C7E-57A9-4C23-B0AA-CC6AD97F2025}
[2012/05/28 08:52:56 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{2CE94F64-562A-4324-BDDD-99068EA125F5}
[2012/05/27 16:10:28 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Roaming\LolClient2
[2012/05/27 07:03:01 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{8E031932-19FE-4054-A805-0F682F7A60B1}
[2012/05/27 07:02:49 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{142EE5FA-CBF2-471A-A49B-DFC409312FC5}
[2012/05/25 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{EF3D16CC-EFAA-427A-AF93-563947D26B22}
[2012/05/25 14:48:46 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{BA44A6A9-C29C-49C8-A301-7F985C323A97}
[2012/05/24 14:45:20 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{42F29906-B40D-4791-BB18-2B6218746ABC}
[2012/05/24 14:45:05 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{043014BA-EE6B-4692-B168-0945CC2CC423}
[2012/05/23 14:48:22 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{3E28FD4A-BE74-4774-9B81-F9A98543C48D}
[2012/05/22 14:49:16 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{10244A02-7F53-4622-BAF1-D21485376DE7}
[2012/05/21 18:44:06 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{734B3D47-2A93-4C14-936E-0FE8C2028569}
[2012/05/21 14:44:13 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{F132A904-156A-446F-BA40-92C96DBBCD89}
[2012/05/21 14:44:01 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{1B8E43F1-D5FC-4025-9758-0FC17B2F55A2}
[2012/05/20 08:01:40 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{2EF1263B-605C-47D2-A6B8-8C7E6A394E29}
[2012/05/18 14:49:19 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{D4493954-8134-45AF-9550-D4772CD55E36}
[2012/05/18 14:48:56 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{55E38138-9D6E-4B68-8278-5C4CA274525E}
[2012/05/17 14:49:27 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{87409C7E-52F4-41D4-9F13-0E52AB5B81B8}
[2012/05/17 14:49:06 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{13A18D9C-34D4-41A9-B3A8-457D973BCBDC}
[2012/05/14 19:14:48 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{444C379C-F9E6-4DD7-9066-BD0BF27358D8}
[2012/05/14 19:14:22 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{CE50CCC7-0A34-4412-A3D8-CA18ED642A29}
[2012/05/14 14:45:17 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{9483ABBB-25E2-4E06-82C3-A1F3D38D9CF2}
[2012/05/14 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{7A894C06-C458-4865-9CEF-B369976741CC}
[2012/05/13 10:22:45 | 000,000,000 | ---D | C] -- C:\Users\Brody\Documents\Spartan
[2012/05/13 09:04:50 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{6720C133-86E6-41C2-8FD4-7690BE8E564B}
[2012/05/13 09:04:39 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{CA8F6BBB-3A9C-49A0-A3AE-E7E2AA7044D4}
[2012/05/12 08:27:35 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{C2FD0CD6-7900-4701-99E8-2B3DBD722B2D}
[2012/05/12 08:26:59 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{4FFF8C03-FE50-41E3-99B5-E89FCB389BD7}
[2012/05/12 06:59:51 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{03F37BF1-C8A3-4E2A-A476-0AB070253667}
[2012/05/12 06:59:23 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{C81FB09D-B1AF-49A3-9A34-E4AA55503388}
[2012/05/11 14:51:51 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/11 14:51:50 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/11 14:51:50 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/11 14:51:45 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/11 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{C8FA197B-3A91-45C3-8D3B-97BED4062E8F}
[2012/05/11 14:45:20 | 000,000,000 | ---D | C] -- C:\Users\Brody\AppData\Local\{A678D871-6892-4A84-BFD9-FA562D3CE47C}
[2011/01/30 10:17:31 | 002,145,280 | ---- | C] (Python Software Foundation) -- C:\Program Files\python26.dll
[2011/01/30 10:17:31 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Brody\Documents\*.tmp files -> C:\Users\Brody\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/10 13:45:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275492190-2307126785-2797742586-1000UA.job
[2012/06/10 12:54:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/10 08:59:04 | 100,143,439 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/10 08:07:22 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/10 08:07:22 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/10 07:59:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/10 07:59:46 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/06/10 07:59:45 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys
[2012/06/10 07:59:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/10 07:59:28 | 2213,945,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/09 15:45:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275492190-2307126785-2797742586-1000Core.job
[2012/06/09 11:02:21 | 000,287,806 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/06 20:34:49 | 517,018,676 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/04 20:00:57 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Brody.job
[2012/06/03 14:39:29 | 000,000,020 | ---- | M] () -- C:\Users\Brody\defogger_reenable
[2012/05/29 15:05:15 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/28 15:21:23 | 000,625,911 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/24 14:47:19 | 000,002,228 | ---- | M] () -- C:\Users\Brody\Desktop\Google Chrome.lnk
[2012/05/24 14:47:19 | 000,002,105 | ---- | M] () -- C:\Users\Brody\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/12 06:58:07 | 000,363,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/11 22:44:39 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 22:44:39 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Brody\Documents\*.tmp files -> C:\Users\Brody\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 14:48:25 | 000,302,592 | ---- | C] () -- C:\Users\Brody\Desktop\gmer.exe
[2012/06/03 14:38:29 | 000,000,020 | ---- | C] () -- C:\Users\Brody\defogger_reenable
[2012/03/20 23:25:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/07/15 17:01:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/07/09 18:50:26 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/09 18:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/30 11:04:43 | 000,099,518 | ---- | C] () -- C:\Program Files\Uninstal.exe
[2011/01/30 10:17:29 | 004,235,692 | ---- | C] () -- C:\Program Files\future_manifest.rar
[2011/01/30 10:17:29 | 000,110,080 | ---- | C] () -- C:\Program Files\BCBDateSim.exe
[2011/01/30 10:17:29 | 000,005,353 | ---- | C] () -- C:\Program Files\README.html
[2011/01/30 10:17:29 | 000,004,960 | ---- | C] () -- C:\Program Files\BCBDateSim.py
[2010/07/10 11:54:59 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/07/01 19:36:21 | 000,141,200 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/07/01 19:36:20 | 000,138,056 | ---- | C] () -- C:\Users\Brody\AppData\Roaming\PnkBstrK.sys
[2010/07/01 19:36:06 | 000,281,656 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/07/01 19:36:03 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/07/01 19:36:02 | 002,444,656 | ---- | C] () -- C:\Windows\System32\pbsvc_apb.exe

< End of report >



OTL Extras logfile created on: 6/10/2012 1:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Brody\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 67.99% Memory free
5.50 Gb Paging File | 4.30 Gb Available in Paging File | 78.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 287.89 Gb Free Space | 41.21% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 698.52 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: BRODY-PC | User Name: Brody | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B03624-8B98-4DD5-840D-2A45BC3BE35D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22C69B4D-39AF-464A-84D8-047A45CFD4CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2EE86B02-CE00-41E3-84E8-63C5F77980D5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7E3555FD-0807-472F-A2BF-3E1FC3858590}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{C5547EB7-7E2C-47FC-861D-B0B502AC47B6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D0C4C318-722D-491C-9E84-7F375FE7570F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ED6880-3A91-43B9-950D-2A532956A382}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\deus ex\system\deusex.exe |
"{011B3DFC-E133-4CC2-84CC-5C2D69B90599}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{016CC7B8-BAD9-4D07-B8B0-34ADECA294F2}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0589C9BC-A7C1-4A9D-822B-73A7F54B00B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout 2\fallout2.exe |
"{05F3730F-6673-401E-A0E0-E8676DF192EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{06FB387B-BCFC-464A-8A1A-155C3AD8F675}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{07C63A05-6BB2-479C-A170-86288C4EACC9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 3\tropico3.exe |
"{0841A11B-741A-4E51-AEBA-7983A765FA25}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{089896EB-0D75-418C-B1BC-0E470881CFFF}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{08B0886B-39A7-4046-B61E-18CCB33C5741}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{09B2DAF4-D410-41BE-80A6-87467B868177}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe |
"{0C06C36C-6A2D-4DAB-8C87-7A5212131CB2}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{0CBBC04E-5C33-45FB-B574-52B5C5FC0F6D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"{0CE4AC46-D9F4-41CE-B641-932361A1A2D1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0F07A42C-6E57-452D-9D0F-B91033CB5D4A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\pc gamer digital edition\freakshow.exe |
"{10FA8E3D-5C45-4C2E-A835-7258D182DE35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{10FDCCBC-6603-4F80-97DC-803E9912E749}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{110DB67A-3B5B-4F4E-BAF7-68A5E22F398F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hackslashloot\hackslashloot.exe |
"{1194331C-5740-4AF9-9007-AE18B1EE83E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dino d-day\dinodday.exe |
"{11B2C7CC-AAD4-43B3-A4A0-B12208A48CF5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fable the lost chapters\fable.exe |
"{12B7554B-8B5E-40BA-98C4-0BBD190845DC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution beta\dow2.exe |
"{1465E150-7A4D-4902-97D5-D86C3D36C09A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
"{1563855D-AAC8-4FDB-BD55-F8C99EACD7AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{15E69A38-F612-42C7-8EED-0097FDED4DAF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{165E0114-B0DB-422D-B401-6E94F37A8544}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
"{18D499B7-BDFD-49AE-9DFF-D96D4EAA0845}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{18D7031D-DFDE-46EA-9551-A89D0B024972}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{18FAFFFC-9FD9-44B9-9787-80DC05F69F87}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\pc gamer digital edition\freakshow.exe |
"{191BF4B0-981B-4622-9530-4186BCF6C25A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1C6E2FC0-9878-40E7-A90D-F59EC9B91E93}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{1CECDFA2-C1BF-4A5A-9D2D-88BBE14570C4}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{1E3FA46A-5926-40B0-9255-04060B8EE7B9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution beta\dow2.exe |
"{1E86D131-B6A3-4037-9125-3B2A0D8B73EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1F3B3CD8-9BE4-4DF4-B0BB-A94211ACB098}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
"{1F5598A5-20BB-4C28-AB41-151111E79EDF}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{1F7BC481-85C0-4C4F-ABAA-93FF444A47C8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{221B203B-1016-4306-9B5B-A971AAF36A6C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{22284AC3-EB49-4548-8717-11CFDF3D29D4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{247173C0-DE9E-449F-BA0F-0FDEB7B5BF21}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{255EF95E-E52E-48B0-A616-9DE9169A9763}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\from dust\from_dust.exe |
"{2571F872-BF31-40AD-9CBD-30F2B4E3792A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{25EF5B75-F792-4726-BC06-93E6F2B4A793}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hackslashloot\hackslashloot.exe |
"{27A694D1-0A6E-4302-8072-C44552132F40}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{2832F08D-4102-4B86-8FE1-FFF512345AEB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{29860EF2-5DC1-4184-BA20-9B1F49840246}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\from dust\from_dust.exe |
"{2C01B932-4174-4404-A6A0-7A89622AB85B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{2D202FEA-7B9C-4E2B-BDAF-E8ABF97A2A44}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{2E1157D2-B5D7-4258-87AA-A44C6D71D2CB}" = dir=in | app=d:\setup\hpznui01.exe |
"{31439E4F-CF38-4385-94E7-ECDEC2977BCC}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{31A8932D-492A-49D7-9B7E-69B4DB8C591C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\zombie panic! source\hl2.exe |
"{31B17931-8074-4A07-B60A-62463CBFA5F2}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires online\spartan.exe |
"{31B2DE87-F864-4764-909D-E26CDBE9FEF3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon siege iii - demo\dungeon siege iii.exe |
"{342C6551-0F6C-40E6-89A7-C91B0B8DF78A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{34CD4E99-FCA8-4908-85A7-EE92B6938939}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{34EE6A41-AFA2-43CA-B39C-FCD13DE9908B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\assassin's creed revelations\acrsp.exe |
"{352341D9-561B-4020-86DA-CD1405C6D7FA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{358F8228-E5A6-4725-949B-4B3DFA2F0178}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{372DDE8F-5ECB-4976-B0CF-8608FD7E79D3}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{37A8E3DD-6875-484B-B2EA-885551FB3EFE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 3\tropico3.exe |
"{37DDBF4B-0971-4AD7-BDD5-B67EF7926ACE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
"{38A32183-D715-4FF5-90F1-CCCB5446B68F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{38C449FD-2019-41C6-B611-F8C3E3FB76D9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
"{3935547C-DE92-4E18-83B3-1F67F163CFCB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{3A54F347-C670-450A-81FA-A666F8EB76BA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3AE6523D-A1FD-475C-81C9-FCC2FFC1FE3B}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe |
"{3C58FF05-3C6A-47BA-95A7-52DEA9D91323}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{3CD78785-1C49-445A-96CF-C0DCDBA42C76}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psychonauts.exe |
"{3DCDACAE-671F-4308-A80F-52546CC29AF8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{3E53C8C4-B172-45E6-95C0-4534F468CE0A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{3F992D29-D5B8-4D7A-9485-63E6D5442A31}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{40993F27-42D2-43C6-8057-ACA23F59788D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{42D386B3-35CF-4B7F-BA04-CBCEF1E10A7E}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires online\spartan.exe |
"{4521974B-5862-4759-B453-A4C900B49698}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\garrysmod\hl2.exe |
"{45A6FCC0-99D8-45C4-97E7-0D201951DC4C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{46FBAB17-5544-4896-8205-D504E0AADC70}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"{4820FE74-FB58-4F5A-8A6B-935B91F06B5E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip beat\beat.exe |
"{48CCE116-794F-4632-A2B5-51440680300F}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{48EE3433-9B86-4757-A72A-68FECAEDC071}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{49C70630-2A13-4143-B2F4-4F0DD49C22F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{4AAECBDF-ADA9-4842-9645-5FA575A77FA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the scourge project ep 1 - 2 demo\binaries\win32\scourgegame.exe |
"{4B32B463-9B2C-4115-885E-543E94031E7E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4C7CFA62-1926-473A-A45C-94C901CB4042}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4CB1C364-6971-4F06-8377-179CBA5868CA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
"{4CC26633-B7D7-423E-8736-9066979C15EC}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{4FC78C8E-DCFD-4486-86C9-ABB9408E401F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{50081EE2-560C-4E6D-9EF9-BAC4BB652F8F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{501A802C-4D76-4764-AECF-B20ACD69B47C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\deus ex\system\deusex.exe |
"{510B15E1-B009-4782-83EB-9BC1D24595D0}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{524341D8-1306-4565-BE54-F0B64F650D2B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{53D6C84C-70A3-4412-8C37-052DD8E1D80C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout 2\fallout2.exe |
"{54BD7607-95B6-4993-A81F-3B674B66B231}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon siege iii - demo\dungeon siege iii.exe |
"{55B9A3A7-ADF0-45E2-9CCF-2027B5907A2C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{560600F4-B50E-480D-8888-487B7786EAF4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{563E4646-D865-43D2-BA5E-2D0EE2132379}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{56FAAA5B-D745-44E8-9C15-FC2C6DE895D3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{57EA1427-74E8-48A3-83D6-73CE33A35B9D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{583A8C8C-16B3-4136-A8EB-755065A31C37}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58D4B89E-75F0-4858-A2FF-B4C6D241B865}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{59BAA04B-18D7-4EFF-9709-7D7EC3192DB6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{59F97C09-5B43-4C11-A2FF-E9D0FD5CD83A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the scourge project ep 1 - 2 demo\binaries\win32\scourgegame.exe |
"{5A16F1C7-BAFB-4C9C-989A-D34DF26EB825}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
"{5B046F48-FE88-4DAF-909B-C478289824E8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{5B18B0B3-56F2-4ACD-B5D2-1A7488A38B30}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5C9EEEEE-7F3F-4225-BCFC-EEA5671E1CF2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{5D578A97-9AC6-4772-8ADE-2C5458A63B9F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{5DD33B2D-5C7F-4BDC-AE2D-A4D1F565098E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5FCB0F93-A71C-471F-A0B4-592B134B80C0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout 2\fallout2.exe |
"{5FFF925D-EBF1-4C13-9355-E964962031AF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{60C3B6BA-6E2A-4681-904F-0D448FD9888B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6225ED7C-F1E8-4944-A7AB-3FE7ADE89AA6}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{6329EF8D-951F-4A6B-949F-3F08DD10E816}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{654D9384-2E8C-4E98-9970-4C4813F3FF31}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{66279191-1C00-4B26-B7C6-8346F19D2338}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66D547D9-C6DB-4B87-B099-5FA79D07B020}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{67AC05A8-164D-4F69-BB3E-5A7DC79559A7}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe |
"{68BCE756-8CF4-4BA4-A1D3-4E43D5E36C17}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dino d-day\srcds.exe |
"{68FDA545-AFEF-494A-9452-2BB025BCD491}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6938F60C-C8D1-494B-BA36-A594BF0D6B0B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{6955DBA0-61FC-433D-9EA2-A3722C66A88D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bully scholarship edition\bully.exe |
"{6995DFE4-75A4-44BC-A2A2-D26E2060D3C4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{69F3A05A-9A82-496E-954A-120A4AA7B3AC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip beat\beat.exe |
"{6A20F80B-F79A-42FD-8284-60807E112CCE}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6A7D35E7-65F2-4F80-A701-FCB58764D9D5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip beat\beat.exe |
"{6ABD62F6-BC6C-41F6-8E53-1CF2E409647E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe |
"{6B191462-679D-4A18-8C3A-8FFC9EE72F9D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{6B1A3928-297C-45D6-BE9C-0929BF349534}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fable the lost chapters\fable.exe |
"{6BE36E97-44D2-47B1-912A-6C6EC29E4450}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 3\tropico3.exe |
"{6DB598E1-9401-4BC5-91A7-E6A61FBF9833}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout 2\fallout2.exe |
"{6DC97E94-753E-41AE-8010-1EBE2CB28400}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{6E015FFD-63D1-40E9-80CC-42E097B04A59}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{6EA7CEAB-6128-438B-8820-6F3273DC662B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psychonauts.exe |
"{6F189254-5B99-4453-ADCC-AB65CA23A305}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{6F687A30-27EC-4438-B058-1C93F1EBF330}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon siege iii - demo\dungeon siege iii.exe |
"{6FE9886F-7D16-482B-98F5-7B77681ACC91}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{6FF34812-48AC-452E-B91D-59EA9F4FFAA5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
"{71BFC5D2-91A2-4FC1-88CA-E1794721E102}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{726D72AD-4EB4-4183-A46E-C5F4F98D9DD1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{72EB1D88-DA79-42D5-9EB0-289658EB0149}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
"{75CE7853-21C6-4D89-B909-F8D23D5FA481}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{783433B0-6BCD-413A-B63A-D6D9A58A0658}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7861DB35-705F-4CBD-84DE-B91192428143}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{7892F868-8040-4DE9-9E4D-E5A933FC85CC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe |
"{79E3901C-501E-4A13-818A-754BDCBAA44B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E0D759C-B8E5-4AF8-91D3-E3EEF65FB4DF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{7E1F8838-DA21-4259-91DE-EF87EEF18CFC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\zombie panic! source\hl2.exe |
"{7E815724-1EA3-40AB-BC42-C009EA01AD06}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dead rising 2\deadrising2.exe |
"{7E9C842B-53FC-455D-AF5E-72FF3FCEE8BD}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7ED3B3AE-7E64-4236-B14D-C94C8A42E4A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8134281B-E64B-4CFD-A247-4F7815E95981}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cogs\cogs.exe |
"{82D5D552-3E26-4B98-8D17-63063B1D889D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{837C6A47-0403-4FDB-A495-5F8008EF7718}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{84D9912E-796F-41F8-BF39-9D65F2872D27}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
"{870FEA57-02E3-4B77-BDEC-9BBD242A7417}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{880038DE-F165-4A9B-BA64-EA357B26482D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon siege iii - demo\dungeon siege iii.exe |
"{892AF5B0-AC2F-432E-8B35-6A3EC1A7E7C6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\synergy\hl2.exe |
"{8A8E294B-1DEE-43F8-8A89-F74A4A0FE622}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{8B9B3E1E-4836-4090-946C-87AA1761F277}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dino d-day\srcds.exe |
"{8D94F69E-3849-47C0-8B9C-83A58934ABAB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{8F6905B2-C4F4-4D0F-9879-4C59B728F331}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\deus ex\system\deusex.exe |
"{9044159E-0D05-4258-8F26-E7AE91761DE7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{90950633-8944-4CD5-9C12-BE09A795C262}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{91D647B8-6571-402C-8123-23F304C93096}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9298E41E-9710-400D-95F9-7BEA5266782C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{938F5D59-BC68-4DA2-A792-0644E8505C2E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{9401FA4E-095C-458D-AF77-F4AB42088BA3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{956366FD-5DB9-4CA2-A691-5415939FA243}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{9573278D-18B7-4789-8FD4-F7B79F103AF6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{9576C8A9-4F39-49D3-9D01-A4A90562CCC2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{95C633C1-8077-431A-9530-6229FF4248AC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{960E1447-28EA-4460-B77E-839E5017A915}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{96D705FE-A844-4DCC-82E6-DB25A3C96166}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{980842B2-8016-4491-A2EF-120F0187E5F0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{98391D72-578D-4D57-8F03-F527C197984F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{991D3187-89F5-411A-93AE-5ACE68DA409E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\garrysmod\hl2.exe |
"{99C31F61-7812-45CF-927A-23172B8EAF7B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\garrysmod\hl2.exe |
"{9BBAAE76-E019-421F-B5A9-6094E34794BA}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{9C3C887A-AE63-4835-A031-FC59129FD129}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{A0CD4DC7-1012-43E7-925C-BE5511F85327}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{A2F000DC-AE84-49EA-ABE5-367B3644A3B4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe |
"{A32C41A1-A911-43DF-9C7C-A7830DD273AC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bully scholarship edition\bully.exe |
"{A46EB3A2-5DC3-4E40-9618-F32D8C8D4874}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite v2 demo\bin\sniperelitev2demo.exe |
"{A4B12403-7CFE-4DB4-8CEE-2176F0C6549C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dino d-day\dinodday.exe |
"{A5F46BB7-AF48-4ADB-833F-B26E9A67C70F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
"{A71011AD-F7B8-4B56-A936-BEF7886A1323}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A75A22EE-48A7-4D77-8AC1-6FBA99B01CC4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{AAC2F7DF-EB79-4EBC-AADA-1C812D333F8E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{AE71D5CC-3ACA-415E-BAF7-F9A39567698B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{AF613E7F-D64A-4914-AA02-D411C46AB2F0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{B06143CF-DA2A-4711-9885-826E96703303}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{B085586A-B97B-4F44-B387-B542C056188E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{B1F55170-1108-4CEA-A3F9-2B735A9BE133}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bully scholarship edition\bully.exe |
"{B4156554-0885-442A-A9D9-6363C7598C48}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dead rising 2\deadrising2.exe |
"{B6576210-4818-498A-85F7-AC1B9924D204}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B677A57F-888C-4D8C-AE1E-CD53F58DFA5C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B67961CD-0425-4978-AD35-FF592C219A59}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe |
"{B7B720A0-CB86-4BB9-803A-EF86B1D013BF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B857ED22-683F-4D97-8DFC-181A7C40459F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{BABE2605-59CA-4604-8629-F7FDD7D2E6CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{BD12E78D-17B5-462F-A3B2-B62EE695EE4C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{BE1C1762-50C0-414C-85BE-D4313914B373}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C037E4FA-913F-4527-9F61-905E482DD304}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C1515E03-9022-4B2A-8040-578C86312FF0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crysis 2 - demo\bin32\crysis2demo.exe |
"{C283CA5B-0794-427E-8748-AFA71CE148F4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{C2EA854B-1BAD-483F-9160-7EECF2AE9D8C}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C2EB0669-5B10-40C7-9EFA-39A8EB711ADB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C3B113F7-3CC1-4EFA-A7B4-6C505FFE41D8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C415EEB8-85F0-440D-A039-4528590CA329}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 3\tropico3.exe |
"{C6ED8D71-1DC0-49AE-A0A7-FEB87A58AAAF}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{C826205A-01D8-41EC-B29F-F79CAE9E676B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{C8B17B6F-3DE0-41C1-8598-038B04C0E5F1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bully scholarship edition\bully.exe |
"{C8E887E0-3B56-4353-AE96-FF8B4BBE3114}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{C91B2AEF-1E88-4FF8-A3E4-CF7A37941A59}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\chime\chime.exe |
"{C96E84AE-20FC-4728-A806-C8C13A337772}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{CC64EF2A-C7D0-4034-9922-8C7159728218}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{CCB12D2D-C755-4B34-A559-945129995F98}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\synergy\hl2.exe |
"{CD5C89B1-D81A-4693-A207-0CDA8A5A8205}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{D07E4851-4095-44B8-9718-81E7DA50E3AB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\chime\chime.exe |
"{D086A64C-E39B-46ED-8D59-A14A65632DF0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2 free to play\smp.exe |
"{D0B4B0C1-6A24-4737-B6A1-7D5778943627}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{D0E87051-1B73-42AF-ABC7-B5F0CF122ECD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the undergarden\theundergarden.exe |
"{D1555C5D-9443-404F-AC56-3193F7566890}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{D1C96F67-6755-4CFC-B26B-D4BA1487B215}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\counter-strike source\hl2.exe |
"{D2F56DF7-3094-4323-B633-C2B7A0D7BB87}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{D49D66C2-0F0F-456E-9DB0-CA67A4D7B680}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{D5751736-57AE-49F7-AC2A-5F90031092B4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{D65433DD-3932-4058-B5C5-CEF00C772465}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D6B934C5-98E7-4319-B519-121695C5FAC5}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{D6DFB788-0991-4BF3-9978-DC3F91541DAC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{D894B71F-8DBD-41C7-8C5A-C5032915C459}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{D9574750-23A2-4F03-A2A3-986AD7968BAE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{D9F69B73-C5B7-4366-A712-8F72BD8CC231}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{DA4870CA-FEE6-41F4-9444-8949E23A958A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{DA741BC6-79BA-4D04-92BB-F891959A3089}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\garrysmod\hl2.exe |
"{DA8D5561-A123-4EFE-AD5C-41AB8DB596EE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{DA8DE82C-45BB-4D15-AA60-F50096A50208}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DAE266F1-DA18-4A05-B175-5D751DA2E1C9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{DAF2B7D0-C377-463F-B5B9-9459440D9DF8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
"{DC199515-6BE4-4D87-8A0E-82D9EA2A3D06}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{DEFC619F-A8DE-4F0D-A834-C9958BA91C55}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{E13C5FDC-1617-4922-BAB0-56A45296FE05}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{E1948501-974E-4181-83F0-5C1E8D78ADBB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bit.trip beat\beat.exe |
"{E2ADDA41-E402-47F1-937F-C324D8F08F19}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E2C6DA06-D237-4B68-B0FD-56F85157C514}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{E44B4F48-EB08-47A0-BA5B-092C864149A8}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{E4BC6FCB-5879-496F-B361-4A3E4D940129}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E58FD509-C9D3-470A-8715-9F4F9620C597}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E7BCA345-06A9-49E6-A4C7-88C2AA07F86C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{E9235F20-46F3-47BD-9C80-7C8E68B4D7AC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{E97746F7-7528-419D-B42E-9E52E897805D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{EE76485A-A1BA-4F8C-80C5-5DC72E88C48E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\assassin's creed revelations\acrsp.exe |
"{EF181545-EF09-413B-AFE7-CD2230151542}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe |
"{F025FCEA-3410-477E-8203-8346702FC123}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{F1137989-AAED-4800-A75D-0337E534855B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2 free to play\smp.exe |
"{F14253D4-9410-459B-8E69-3BA2BDF4514C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\counter-strike source\hl2.exe |
"{F2EC07A3-E577-452F-AEF0-E3AE0F0B2BE0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{F3C17EA8-12DD-488A-9D77-37CBC6B218BC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{F3C47F2F-EEC5-472B-ABF5-1F1F763CFFCE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{F4A09009-EB67-44EE-8F91-65011C4954F8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\deus ex\system\deusex.exe |
"{F63C1E3A-C4FC-41EF-BA3B-CB0AEB5372DB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F7032E55-CCE9-4A0E-8C11-82C1BA4C644E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crysis 2 - demo\bin32\crysis2demo.exe |
"{F822110A-C2F8-41EE-B2CD-5F67CBDB854C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{F8868991-8FF8-4CCB-BD68-8559130D4F26}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{F8D91FFA-528B-47B8-B56B-25709248FBBA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{F9B13AA4-C4FA-4A31-A099-9E450F4D3414}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{F9C75B0B-D145-43B4-84C1-D1B6A84EC10A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{FDB84A35-E112-4FC1-86A1-9F03C40FAD99}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the undergarden\theundergarden.exe |
"{FF75C51A-A953-499C-BE0E-A0182BDCB512}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{FFC0BAED-AB2F-4E5E-B3A4-38D5AF4E08B4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"TCP Query User{04E96584-F902-4FD1-A911-798FD41456EE}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{071372C4-02EF-431B-8930-70490AA3D312}C:\program files\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{110D8301-6802-4EA5-B5DC-D524AA476D8A}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{2746961C-3E1C-4DE0-9C6C-D964A4C0A5DD}C:\program files\bethesda softworks\fallout 3\fallout3.exe" = protocol=6 | dir=in | app=c:\program files\bethesda softworks\fallout 3\fallout3.exe |
"TCP Query User{28747613-0566-4CD7-B4B7-2D4514E37FD5}C:\program files\steam\steamapps\common\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\defcon\defcon.exe |
"TCP Query User{2B50804E-A99C-4E3E-872F-850FF307B0C1}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{31813AE9-8DF9-42BF-9B1A-BF5B1A20CEDC}C:\program files\steam\steamapps\captainclaymore\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\counter-strike source\hl2.exe |
"TCP Query User{35EA0FAA-AAE6-414C-BF92-C2D67708E622}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"TCP Query User{3B9DE98E-5A74-4A65-B40B-DBA6C3BF51A2}C:\users\brody\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\brody\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{459C6115-836F-4FCF-A887-6556482C6BBD}C:\program files\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"TCP Query User{52827E72-D6E7-440A-A77B-746C31A97EE4}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{52F1E803-C979-4D37-8977-DB383B9A1560}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{5D58E6B8-3779-4777-8CD7-5CD3BD4EFA2C}C:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{6921AB44-E8B0-4ED0-ACD0-CC2CAB91B875}C:\program files\steam\steamapps\captainclaymore\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\source sdk base 2007\hl2.exe |
"TCP Query User{7A4AE0C1-2570-4CE4-8B75-4D6D88FF1522}C:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{7D5614E5-86F5-425D-A4B1-9704D1037A57}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{957936E0-6602-4D65-AC3A-039DD19C12E0}C:\program files\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{964F63F3-2C59-4E62-ACBE-2C23666FA6EA}C:\users\brody\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\brody\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{A00496F7-EE7C-4307-946A-B581806F09BC}C:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{A1C4D500-FD0D-4C8F-A296-5CA16AFB9684}C:\users\brody\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\brody\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{AE384C89-11EE-4199-9BD1-BD21E75E15B9}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{AEA7DE87-DB70-4099-9252-2785F51A7989}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{B2D640C8-A9D5-4109-B517-5EA760979EF2}C:\program files\gamehouse\the game of life\thegameoflife.exe" = protocol=6 | dir=in | app=c:\program files\gamehouse\the game of life\thegameoflife.exe |
"TCP Query User{B604EB7F-026D-4EDA-AF62-D7A3995E9FC5}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{B7BC64AF-3680-4169-805A-FE507CAD5723}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{B7E2D500-F99D-4090-A612-5B6A2B0C5BFE}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"TCP Query User{CAE8CFD5-7E06-43D5-B3F2-D08895E798B1}C:\program files\steam\steamapps\captainclaymore\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\team fortress 2\hl2.exe |
"TCP Query User{CE54E35B-D950-4F38-9BFE-89C7F7CA4574}C:\program files\steam\steamapps\common\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\defcon\defcon.exe |
"TCP Query User{D82A02D6-6485-4637-B82E-B39BAD0853DB}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{DC96D995-E4E2-4869-A348-81ED8836A71E}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{DE93715D-8E1D-4DC5-BD73-5E2444592900}C:\users\brody\downloads\starcraft_2_na_en-us (1).exe" = protocol=6 | dir=in | app=c:\users\brody\downloads\starcraft_2_na_en-us (1).exe |
"TCP Query User{DF533AE4-60EF-49FE-81D7-D34E30632955}C:\program files\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{EAFB4CDB-89A5-4184-B6BE-C29DD794574E}C:\program files\realtime worlds\apb north america\binaries\apb.exe" = protocol=6 | dir=in | app=c:\program files\realtime worlds\apb north america\binaries\apb.exe |
"TCP Query User{F0AA565C-B85C-40CB-B222-E3366BE66AAE}C:\program files\steam\steamapps\captainclaymore\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\team fortress 2\hl2.exe |
"TCP Query User{F228E812-1ED8-4D76-955A-E8415E22554B}C:\program files\darkfall us\lobby.exe" = protocol=6 | dir=in | app=c:\program files\darkfall us\lobby.exe |
"TCP Query User{F5DE089A-F721-43DE-BCD6-118186419F3E}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe |
"TCP Query User{F904D443-AB94-4945-BE2F-E002C130B422}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{FB6EBBA4-D450-4F81-A834-D59EAAB0EFAA}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{079E7053-31C1-4E60-A027-F196DF22B0AF}C:\program files\steam\steamapps\common\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\defcon\defcon.exe |
"UDP Query User{1788D167-ED39-4D99-9AAE-41BD4BEC000C}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{1CA00EB5-1F40-4B17-9004-621C95687A35}C:\program files\steam\steamapps\captainclaymore\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\team fortress 2\hl2.exe |
"UDP Query User{254E0A78-2AE9-409D-AB81-D14A8B50FBC4}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"UDP Query User{4B37B956-AA3E-4210-9584-21F1FF6FAA7D}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{4D49DE9C-E9A0-45F0-9D70-B48E1ACF7630}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{5303D458-B1C3-47BF-BCBC-DFAAD466E9EE}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{55A276FA-6330-4EC2-9004-8CA24CE24012}C:\program files\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{6B6E1A0F-0F51-461C-9C3E-B1838F596F1F}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"UDP Query User{7C24DBC5-6E2E-4387-95B9-478D79AF55BD}C:\program files\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"UDP Query User{7CECC43A-84C3-47CE-A62A-AD5C4E1AFF59}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{7EBE985C-2FB3-403F-BD42-07DB5CACED10}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{7FA4C5CE-3483-43F9-A698-EEAA3741491C}C:\program files\gamehouse\the game of life\thegameoflife.exe" = protocol=17 | dir=in | app=c:\program files\gamehouse\the game of life\thegameoflife.exe |
"UDP Query User{80C051CA-891D-41BB-8E63-0026EEFC35CA}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{8427C9E0-D696-467C-8DE2-31E42C71DB9D}C:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{8803F14D-48EA-4E17-9263-A2D43EFDFE67}C:\users\brody\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\brody\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{88BDEFAA-FB54-4873-85BC-42F4EE098E88}C:\program files\steam\steamapps\captainclaymore\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\source sdk base 2007\hl2.exe |
"UDP Query User{8E1750E8-7863-49B7-B389-F646DD9CF1EC}C:\program files\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files\bethesda softworks\fallout 3\fallout3.exe |
"UDP Query User{96448996-D99E-482B-84C2-E6F704EC630B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{9BB07F3C-7504-423A-A6DF-744FC720ED0A}C:\users\brody\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\brody\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{A014DE2A-B00B-4828-BFC3-D2B0FA803919}C:\program files\realtime worlds\apb north america\binaries\apb.exe" = protocol=17 | dir=in | app=c:\program files\realtime worlds\apb north america\binaries\apb.exe |
"UDP Query User{B473815E-D19C-47B0-9C2B-49D910702548}C:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{B8848C75-803C-4ACF-B433-0D122CD7012F}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe |
"UDP Query User{BBA07395-4393-4E5D-BABF-BDEB7C0B9B89}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{C42097CD-70DB-49E4-825D-38FD16FF493A}C:\program files\steam\steamapps\captainclaymore\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\counter-strike source\hl2.exe |
"UDP Query User{C6C110FF-92F6-4081-BAF2-FFD208C01104}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{CB155617-B03C-42AD-8853-49DCB82F914D}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{CE699CF0-20E1-4E6A-A726-47BD34896F85}C:\users\brody\downloads\starcraft_2_na_en-us (1).exe" = protocol=17 | dir=in | app=c:\users\brody\downloads\starcraft_2_na_en-us (1).exe |
"UDP Query User{D2EB2273-DD8C-4E77-BE0C-69339A845F7C}C:\program files\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{DE558814-1FCC-4177-8A10-9BE5A6C69567}C:\program files\steam\steamapps\common\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\defcon\defcon.exe |
"UDP Query User{E318E88F-8F2C-4E3F-8F55-B626424D0255}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{EA41AC91-CC2D-470C-9D45-0AF9428E070F}C:\program files\steam\steamapps\captainclaymore\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\captainclaymore\team fortress 2\hl2.exe |
"UDP Query User{EBE95501-22FA-46FC-9BA1-6B054761CDEC}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{EDEDC141-EA92-4E82-AEAE-09A6628365F5}C:\program files\darkfall us\lobby.exe" = protocol=17 | dir=in | app=c:\program files\darkfall us\lobby.exe |
"UDP Query User{F258EAD7-CB4F-4018-8264-D6DFB0897813}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{F30A22FE-3890-40F3-885F-F5D81E357114}C:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{F61C3778-39F8-4695-B4E2-ADCF299D9B18}C:\program files\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{FE505EE2-8960-46FE-9CF3-B0DB9A26E052}C:\users\brody\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\brody\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AE512BF-4487-7E3D-314A-FA98843E341D}" = CCC Help Spanish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10147551-9D1E-92AB-BC25-50062E59FC93}" = CCC Help Korean
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{14E27EF1-62C9-BD82-6CB2-F07BD641248A}" = Catalyst Control Center InstallProxy
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{1917776B-8082-EF01-E8E5-206AE05AB344}" = CCC Help Japanese
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B6C8033-3A22-B691-04D2-21BDB81752FE}" = CCC Help Portuguese
"{1EA317AF-398B-21FB-192E-5149589D1303}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{28AFA4FD-0FBA-DF03-282D-DA6427575E46}" = HydraVision
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BD3018B-07F2-C7DE-1B86-519DA610E8FF}" = CCC Help Dutch
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.21
"{2E4CF46D-D3FF-9DA3-53EA-AC856EEA044E}" = Catalyst Control Center Graphics Light
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5F58E6-C14F-52B8-666B-ED9DA9952961}" = CCC Help Finnish
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
"{43AD7481-0048-BD99-5DC9-F33B87FC3CBE}" = Catalyst Control Center HydraVision Full
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45F5630E-2EE5-07DE-2340-5BB5F41EFA75}" = CCC Help Chinese Traditional
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D3A069D-FB4E-81F0-FE2F-E1F37329C149}" = CCC Help Greek
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{4F498ED9-A09B-0892-5D26-C550E04FA55B}" = CCC Help German
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52E9A798-88C7-4EE6-94D4-2D54FEC8EE52}" = Ragnarok Online
"{5398A646-DA01-E8E5-838C-041F056DF993}" = ccc-core-static
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5639E516-21E5-31A7-C643-097B3835E05E}" = ATI AVIVO Codecs
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F693EFA-94F7-E6F9-87F8-E9A9A8A9B9DB}" = Catalyst Control Center Graphics Previews Vista
"{5F798E37-0900-EA78-DD24-D2415691885F}" = CCC Help Swedish
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6CBC9208-6FA1-9F71-7DA0-0BCEE2061BF0}" = CCC Help Polish
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7173DEDF-9BFD-21A5-7267-76761A8322AD}" = Catalyst Control Center Localization All
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{762AD6C2-E30E-D6A9-5EE5-AD983BE43363}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78B00E48-145A-705F-911B-A470D3F188C4}" = CCC Help Italian
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8BFDA8AC-4A90-F17F-F2C3-AFC721A907A8}" = CCC Help French
"{8C43F22D-FD5B-0FFB-B9EE-C5D0D1F57EFC}" = CCC Help Russian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{928E6B10-5BA7-3D88-D2A0-D17CC8DD5315}" = CCC Help English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9446A42D-780C-48D7-AA8C-D3D47FCE6365}" = SymNet
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{957A526D-EB80-32B0-5F8A-D278488B0229}" = CCC Help Hungarian
"{96703682-957B-2614-2CD0-7B2D68CA51E9}" = ATI Catalyst Install Manager
"{96EC9DFD-ACB3-E454-5277-2D7DD3C43A4F}" = CCC Help Turkish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AE715C55-563C-3886-14C6-4EC3E4F167DA}" = CCC Help Thai
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4AA5745-9B5B-D101-8EFE-C58BC9ACDD13}" = CCC Help Norwegian
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BCF75973-29C2-4245-80E3-B3C2B7E7548B}" = AVG 2012
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0583394-A9E6-1245-FD0D-FBCB2402808B}" = Catalyst Control Center Core Implementation
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CBFDCAA6-9611-5CD1-15C2-8C535E006EA9}" = Catalyst Control Center Graphics Previews Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D2F2A1C2-B162-77F5-9846-7534074A171C}" = Catalyst Control Center Graphics Full New
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC97ADC2-E22D-44BB-BE55-0FC73D91D397}" = Symantec Real Time Storage Protection Component
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E53C2E32-D090-488A-A098-9EB1A09C367F}" = CCC Help Chinese Standard
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FD1D0916-AC22-CB57-7268-260F12D72833}" = Catalyst Control Center Graphics Full Existing
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF641CF0-F5C7-CC23-501F-E55866DEE30F}" = CCC Help Danish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnimusRO Full Setup_is1" = AnimusRO Full Setup version 1.0
"APB Reloaded" = APB Reloaded
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2012
"BCB Date Sim Alpha Build" = BCB Date Sim Alpha Build
"BCBDateSim Alpha" = BCBDateSim Alpha
"Cockatrice" = Cockatrice
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Diablo III Beta" = Diablo III Beta
"Download Manager" = Download Manager 2.3.10
"EA Download Manager" = EA Download Manager
"GamersFirst LIVE!" = GamersFirst LIVE!
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.15
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Machinarium" = Machinarium
"Magic Workstation_is1" = Magic Workstation 0.94f
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"mIRC" = mIRC
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenRPG" = OpenRPG
"PhotoScape" = PhotoScape
"PokerTH 0.8.1" = PokerTH
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon Setup" = Roll
"Shop for HP Supplies" = Shop for HP Supplies
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 12200" = Bully: Scholarship Edition
"Steam App 1250" = Killing Floor
"Steam App 12900" = Audiosurf
"Steam App 1520" = DEFCON
"Steam App 18700" = And Yet It Moves
"Steam App 200900" = Cave Story+
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 204030" = Fable - The Lost Chapters
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 207430" = Hack, Slash, Loot
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 210470" = Sniper Elite V2 Demo
"Steam App 2120" = Dark Messiah Singleplayer Demo
"Steam App 218" = Source SDK Base 2007
"Steam App 22380" = Fallout: New Vegas
"Steam App 22480" = GECK - New Vegas Edition
"Steam App 23490" = Tropico 3 - Steam Special Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 2400" = The Ship
"Steam App 2420" = The Ship Single Player
"Steam App 2430" = The Ship Tutorial
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 31280" = Poker Night at the Inventory
"Steam App 33460" = From Dust
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 3830" = Psychonauts
"Steam App 38410" = Fallout 2
"Steam App 39000" = Moonbase Alpha
"Steam App 39230" = Dungeon Siege III Demo
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 40800" = Super Meat Boy
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 45740" = Dead Rising 2
"Steam App 47890" = The Sims™ 3
"Steam App 550" = Left 4 Dead 2
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 57600" = Tropico 3: Absolute Power
"Steam App 57690" = Tropico 4
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"Steam App 620" = Portal 2
"Steam App 63700" = BIT.TRIP BEAT
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"Steam App 92500" = PC Gamer
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation)
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.10.1 (unicode) for Python 2.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2012 5:05:09 PM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 6:13:05 PM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 7:13:34 PM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 8:07:37 PM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 9:13:07 PM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 10:14:18 PM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 8:01:00 AM | Computer Name = Brody-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/10/2012 8:03:44 AM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 9:10:21 AM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 9:44:41 AM | Computer Name = Brody-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/10/2012 10:10:52 AM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 11:10:51 AM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 12:00:10 PM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 1:08:43 PM | Computer Name = Brody-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 6/8/2012 3:12:40 PM | Computer Name = Brody-PC | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 6/8/2012 10:21:33 PM | Computer Name = Brody-PC | Source = DCOM | ID = 10010
Description =

Error - 6/9/2012 7:14:32 AM | Computer Name = Brody-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SymIM

Error - 6/9/2012 7:16:47 AM | Computer Name = Brody-PC | Source = bowser | ID = 8003
Description =

Error - 6/9/2012 7:39:02 AM | Computer Name = Brody-PC | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275

Error - 6/9/2012 7:39:02 AM | Computer Name = Brody-PC | Source = Application Popup | ID = 875
Description = Driver COH_Mon.sys has been blocked from loading.

Error - 6/9/2012 10:49:46 PM | Computer Name = Brody-PC | Source = DCOM | ID = 10010
Description =

Error - 6/10/2012 8:00:05 AM | Computer Name = Brody-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SymIM

Error - 6/10/2012 8:25:05 AM | Computer Name = Brody-PC | Source = Application Popup | ID = 875
Description = Driver COH_Mon.sys has been blocked from loading.

Error - 6/10/2012 8:25:05 AM | Computer Name = Brody-PC | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275


< End of report >




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 13:52:11
-----------------------------
13:52:11.198 OS Version: Windows 6.1.7601 Service Pack 1
13:52:11.198 Number of processors: 3 586 0x402
13:52:11.198 ComputerName: BRODY-PC UserName: Brody
13:52:14.162 Initialize success
13:52:37.958 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
13:52:37.974 Disk 0 Vendor: WDC_WD7501AALS-00J7B1 05.00K05 Size: 715404MB BusType: 3
13:52:37.974 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-6
13:52:37.974 Disk 1 Vendor: WDC_WD7501AALS-00J7B1 05.00K05 Size: 715403MB BusType: 3
13:52:37.990 Disk 1 MBR read successfully
13:52:38.005 Disk 1 MBR scan
13:52:38.005 Disk 1 Windows 7 default MBR code
13:52:38.005 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715401 MB offset 2048
13:52:38.005 Disk 1 scanning sectors +1465143296
13:52:38.052 Disk 1 scanning C:\Windows\system32\drivers
13:52:44.173 Service scanning
13:52:57.246 Modules scanning
13:53:02.628 Disk 1 trace - called modules:
13:53:02.643 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:53:03.143 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xc31c2a20]
13:53:03.158 3 CLASSPNP.SYS[c877959e] -> nt!IofCallDriver -> [0xc2d08400]
13:53:03.158 5 ACPI.sys[c82413d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0xc2cfe908]
13:53:03.189 Scan finished successfully
13:53:39.771 Disk 1 MBR has been saved successfully to "C:\Users\Brody\Desktop\MBR.dat"
13:53:39.787 The log file has been saved successfully to "C:\Users\Brody\Desktop\aswMBR.txt"

#4 RPMcMurphy

  • Malware Response Team
Posted 10 June 2012 - 09:42 PM

Hi,

Please do this next:

Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 Boomington

  • Topic Starter

Posted 11 June 2012 - 01:47 PM

ComboFix 12-06-10.01 - Brody 06/11/2012 6:07.1.3 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1868 [GMT -4:00]
Running from: c:\users\Brody\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brody\AppData\Roaming\.#
c:\users\Brody\AppData\Roaming\.#\MBX@F90@2956E90.###
c:\users\Brody\AppData\Roaming\.#\MBX@F90@2956EA0.###
c:\users\Brody\Documents\~WRL1740.tmp
c:\windows\system32\SET3543.tmp
c:\windows\system32\SET4E35.tmp
c:\windows\system32\SET5072.tmp
c:\windows\system32\SET8DC.tmp
c:\windows\system32\SETA228.tmp
c:\windows\system32\SETBD09.tmp
c:\windows\system32\SETC60C.tmp
c:\windows\system32\SETD78C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 10:17 . 2012-06-11 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 23:31 . 2012-06-09 23:31 -------- d-----w- c:\program files\AVG Secure Search
2012-05-27 20:10 . 2012-05-27 20:10 -------- d-----w- c:\users\Brody\AppData\Roaming\LolClient2
2012-05-13 13:42 . 2012-05-13 13:42 188824 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\expapply.dll
2012-05-13 13:42 . 2012-05-13 13:42 429864 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\AoeOnlinePatch.dll
2012-05-13 13:42 . 2012-05-13 13:42 2629928 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\AoeOnlineDlg.dll
2012-05-13 13:42 . 2012-05-13 13:42 188824 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\patchTemp\expapply.dll
2012-05-13 13:42 . 2012-05-13 13:42 152872 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\patchTemp\AOEOnlineReplace.exe
2012-05-13 13:42 . 2012-05-13 13:42 429864 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\patchTemp\AoeOnlinePatch.dll
2012-05-13 13:42 . 2012-05-13 13:42 2629928 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\patchTemp\AoeOnlineDlg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 10:00 . 2009-10-04 14:02 16608 ----a-w- c:\windows\gdrv.sys
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 07:06 . 2012-05-11 23:24 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20BA0338-28E4-46BB-A3DD-DB4F6D3F36F4}\mpengine.dll
2012-03-31 04:39 . 2012-05-11 18:51 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 18:51 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-11 18:51 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23 . 2012-05-11 18:51 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 19:59 . 2012-03-20 19:59 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-20 19:59 . 2012-03-20 19:59 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-20 19:59 . 2012-03-20 19:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-20 19:59 . 2012-03-20 19:59 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-20 19:59 . 2012-03-20 19:59 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-20 19:59 . 2012-03-20 19:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-20 19:59 . 2012-03-20 19:59 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-20 19:59 . 2012-03-20 19:59 367104 ----a-w- c:\windows\system32\html.iec
2012-03-20 19:59 . 2012-03-20 19:59 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-20 19:59 . 2012-03-20 19:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-20 19:59 . 2012-03-20 19:59 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-20 19:59 . 2012-03-20 19:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-20 19:59 . 2012-03-20 19:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-20 19:59 . 2012-03-20 19:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-20 19:59 . 2012-03-20 19:59 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-20 19:59 . 2012-03-20 19:59 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-20 19:59 . 2012-03-20 19:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-20 18:28 . 2011-04-12 23:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-17 07:27 . 2012-05-11 18:51 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2011-01-30 15:04 . 2011-01-30 15:04 99518 ----a-w- c:\program files\Uninstal.exe
2010-10-24 18:20 . 2011-01-30 14:17 655872 ----a-w- c:\program files\msvcr90.dll
2010-10-24 18:20 . 2011-01-30 14:17 110080 ----a-w- c:\program files\BCBDateSim.exe
2010-03-20 01:52 . 2011-01-30 14:17 2145280 ----a-w- c:\program files\python26.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-09 23:31 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-09 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-06-07 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-12-04 737280]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-09 1104440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 02:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
2007-08-23 20:35 152952 ----a-w- c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 17:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 19:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Brody\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-04 01:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 21:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2010-11-17 13:53 113288 ----a-w- c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-10-12 00:36 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-01-20 19:20 6711840 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-01-20 19:21 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 17:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 135664]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 135664]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-10 1343400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-28 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20120605.001\IDSvix86.sys [2011-10-17 286328]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-09 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 106656]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 62336]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 141440]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AVGIDSEH
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 12:50]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 12:50]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275492190-2307126785-2797742586-1000Core.job
- c:\users\Brody\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 00:06]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275492190-2307126785-2797742586-1000UA.job
- c:\users\Brody\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 00:06]
.
2012-06-05 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Brody.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mydtzone.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Brody\AppData\Roaming\Mozilla\Firefox\Profiles\avp2eqvn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client\ccService\Channels]
@Denied: (C D) (Everyone)
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineCallbackIPC"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"{A6D74B3B-C009-48CE-ADB6-159798ECB2C0}"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"SNDServiceRequestChannel"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"SNDLocationChannel"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"ccSvcHst_ccEvtMgr"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"ccEvtCli"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"_AvProdSvcComm_"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"NortonNetServiceIPC"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"NetMapServiceIPC"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"_IsDataSvcComm_Options"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"_IsDataSvcComm_"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
"IPS_COMMAND_CHANNEL"="{B1D880FF-163C-4857-B498-5367AABB6D5E}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-11 06:33:47
ComboFix-quarantined-files.txt 2012-06-11 10:33
.
Pre-Run: 309,694,742,528 bytes free
Post-Run: 309,576,593,408 bytes free
.
- - End Of File - - 085595CE6E48F565460D81C58D1AB80D

#6 RPMcMurphy

Posted 11 June 2012 - 09:01 PM

Please do this next:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • MBAM log

Edited by RPMcMurphy, 11 June 2012 - 09:02 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 Boomington

Posted 12 June 2012 - 12:31 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Brody :: BRODY-PC [administrator]

6/12/2012 8:39:30 AM
mbam-log-2012-06-12 (08-39-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 618277
Time elapsed: 3 hour(s), 45 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Brody\Downloads\SoftonicDownloader_for_directx.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\Brody\Downloads\WhiteSmokeInstaller_9128.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)

#8 RPMcMurphy

Posted 12 June 2012 - 09:40 PM

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 33
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.
Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Edited by RPMcMurphy, 12 June 2012 - 09:41 PM.


#9 Boomington

Posted 13 June 2012 - 08:10 PM

My computer seems to be running fine without any real problems to note.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c437f6bc23b28842bed424e943752ca2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-14 01:03:09
# local_time=2012-06-13 09:03:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 21803288 21803288 0 0
# compatibility_mode=5893 16776574 100 94 1906136 91155142 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=551803
# found=14
# cleaned=0
# scan_time=25438
C:\Users\Brody\Downloads\adlsoft_uncompressor_3_3_last.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Brody\Downloads\freefileviewer_518.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Brody\Downloads\gimp_12105.exe probably a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Brody\Downloads\HC2Setup.exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Brody\Downloads\registrybooster (1).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Brody\Downloads\registrybooster (2).exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Brody\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Brody\Downloads\adlsoft_uncompressor_3_3_last.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Brody\Downloads\freefileviewer_518.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Brody\Downloads\gimp_12105.exe probably a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Brody\Downloads\HC2Setup.exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Brody\Downloads\registrybooster (1).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Brody\Downloads\registrybooster (2).exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Brody\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

#10 RPMcMurphy

Posted 13 June 2012 - 10:57 PM

Many of those ESET detections are in the folder that contains your old Windows installation, so they are out of play. Those other applications (adlsoft uncompressor, freefileviewer, gimp, HC2, and registrybooster) were flagged because they are considered adware, install toolbars or have other unclear objectives. If you no longer want those apps, uninstall them via Control Panel > Programs > Uninstall a program.

Other than those your logs look good. All I have left for you is another update and some very important cleanup:

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

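The triage in post #10, which sets detections under C:\Windows.old apart from those in the live user profile, can be scripted against the ESET log format shown in post #9. The Python below is an added example and not part of the original thread; the `triage` function, its regular expressions and the abridged sample log are assumptions made for illustration.

```python
import re

# Constructed sample: four detection lines abridged from the ESET log in this
# thread, with the "found" header adjusted to match the shortened list.
SAMPLE_LOG = r"""# remove_checked=false
# found=4
# cleaned=0
C:\Users\Brody\Downloads\HC2Setup.exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Brody\Downloads\registrybooster (1).exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Brody\Downloads\HC2Setup.exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Brody\Downloads\gimp_12105.exe probably a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Fields: path, detection name, object type, (action), 32-hex field, flag.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w{2,4})\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?\w+/[\w.]+)\s+(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$"
)

def triage(log_text):
    """Split detections into live paths and copies under C:\\Windows.old."""
    header, live, old_install, unparsed = {}, [], [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        h, d = HEADER.match(line), DETECTION.match(line)
        if h:
            header[h.group(1)] = h.group(2)  # repeated keys: last one wins
        elif d:
            hit = d.groupdict()
            hit["family"] = hit["name"].rsplit("/", 1)[-1]
            archived = hit["path"].lower().startswith("c:\\windows.old\\")
            (old_install if archived else live).append(hit)
        else:
            unparsed.append(line)  # keep anything the pattern did not cover
    # Sanity check: the parser saw as many detections as the scanner counted.
    complete = int(header.get("found", -1)) == len(live) + len(old_install)
    return {"header": header, "live": live, "old_install": old_install,
            "unparsed": unparsed, "complete": complete}
```

The `complete` flag is worth checking before acting on the split: if it is false, some detection line did not match the pattern and sits in `unparsed`.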


#11 Boomington

Posted 14 June 2012 - 07:28 PM

I am all set! Thank you very much for your help and advice.

#12 RPMcMurphy

Posted 14 June 2012 - 10:14 PM

You're welcome, Boomington. Take care!


#13 RPMcMurphy

Posted 15 June 2012 - 10:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
