
Thread: IDP.Trojan Crpt.AQLW Issues

  1. #11
    Junior Member
    Join Date: May 2012
    Posts: 17

    I think I would like to attempt to clean the machine. I do plan to rebuild this computer in the near future anyway, so if it fails it fails. I am beginning the process of using Windows Backup and Restore to back up my computer unless you have a suggestion of something better.

    Thanks,
    boatnerd06

  2. #12
    Emeritus - Malware Team
    Join Date: Aug 2011
    Posts: 148

    Hi boatnerd06,

    Quote: Originally Posted by boatnerd06
    I think I would like to attempt to clean the machine. I do plan to rebuild this computer in the near future anyway, so if it fails it fails.
    OK, thanks for the confirmation. Let's see how we get on.

    Quote: Originally Posted by boatnerd06
    I am beginning the process of using Windows Backup and Restore to back up my computer unless you have a suggestion of something better.
    A link to instructions on how to back up your data was provided in my initial post:

    Quote: Originally Posted by Scolabar
    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

    OK, let's get started - assuming you have completed the backup of your data:

    Please read these instructions carefully before executing and perform the steps exactly in the order given.
    If you have any questions about, or problems with, executing these instructions, <STOP>: do not proceed; post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Computer Problem(s) - Details

    Please can you provide a description of the computer issues you are experiencing.
    The description does not need to be technically detailed, but if your computer has given you any Error Codes or flashed up any messages, then the exact wording of them can be very useful.
    Please describe the computer problem(s) you are encountering in your next post.

    Step 2:
    Advisory - P2P Software Present!

    IMPORTANT: There are signs of a P2P (Peer-to-Peer) File Sharing Program installed on your computer.

    µTorrent
    P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.

    P2P programs open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.

    So be aware that it is not just what is downloaded that causes problems, just having a P2P program installed is like leaving all the doors to your house unlocked.

    I advise you take the time to read the following articles that explain the risk of installing these programs:

    I strongly recommend that you uninstall the P2P software as follows:

    Remove P2P Program
    1. Click on Start > Control Panel and double-click on Programs and Features.
    2. Locate the following program:

      µTorrent
    3. Click on the Change/Remove button to uninstall it.
    4. Please repeat the above instructions to remove any other P2P File Sharing Programs you may have installed on your system.
    5. When the program(s) has/have been uninstalled, close the Programs and Features and Control Panel windows.

    Step 3:
    OTL - Scan

    1. Before proceeding please make sure you delete any existing version of OTL you already have on your computer.
    2. Please download OTL by Old Timer. Save it to your Desktop.
    3. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    4. Under Output, ensure that the Standard Output option is selected.
    5. Under the Extra Registry section, select the Use SafeList option.
    6. Click the Scan All Users checkbox.
    7. Tick the LOP Check and Purity Check checkboxes.
      Note: Please leave the remaining selections on the default settings.
    8. Click on the Run Scan button in the top left-hand corner of the program window.
    9. When done, two Notepad files will automatically open:
      OTL.txt <-- Will be opened, maximized.
      Extras.txt <-- Will be minimized on task bar.
    10. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.

    Step 4:
    Farbar Service Scanner

    1. Please download Farbar Service Scanner and save it to your Desktop.
    2. Right-click on FSS.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Click on the Scan button.
    4. When the scan has finished, a text file named FSS.txt will be created on your Desktop (the same location where the tool is run from).
    5. Please Copy and Paste the entire contents of the FSS.txt log into your next reply.

    Step 5:
    MBRCheck - Scan

    1. Please download MBRCheck.exe © a_d_13 to your Desktop.
      Alternate links: Link 2 or Link 3
    2. Right-click on MBRCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. A small black window will open with some information. Please do not fix anything (if it gives you an option).
    4. If an unknown boot code is detected additional options will be presented. At this time press N then press Enter twice to continue.
    5. When the scan has completed you should see the message Done! Press ENTER to exit... Press Enter to exit the program.
      A file named MBRCheck_mm.dd.yy_hh.mm.ss.txt will appear on your Desktop.
    6. Please Copy and Paste the entire contents of the MBRCheck_mm.dd.yy_hh.mm.ss.txt file into your next reply.

    Step 6:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Please provide a description of the computer problem(s) you have been encountering.
    3. OTL.txt.
    4. Extras.txt.
    5. FSS.txt.
    6. MBRCheck_mm.dd.yy_hh.mm.ss.txt.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  3. #13
    Junior Member
    Join Date: May 2012
    Posts: 17

    Scolabar, I will be out of town for the next 3ish days. When I return the scans will be run.

  4. #14
    Emeritus - Malware Team
    Join Date: Aug 2011
    Posts: 148

    Hi boatnerd06,

    Please post the logs requested in my last post. I am expecting to hear from you by the end of today.

    Scolabar

  5. #15
    Junior Member
    Join Date: May 2012
    Posts: 17

    Every few hours or so it brings up a window that looks official saying that my copy of Windows is not valid. This was not the case before this entire situation began.

    OTL.txt

    OTL logfile created on: 5/28/2012 9:04:22 PM - Run 2
    OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Nathan\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 56.82% Memory free
    6.50 Gb Paging File | 4.59 Gb Available in Paging File | 70.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 11.88 Gb Free Space | 2.55% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 37.78 Gb Free Space | 4.06% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

    Computer Name: NATHAN-PC | User Name: Nathan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/28 21:02:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
    PRC - [2012/05/09 17:36:55 | 000,932,528 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/03/26 22:43:13 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/22 21:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
    MOD - [2012/05/22 21:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
    MOD - [2012/05/22 21:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
    MOD - [2012/05/22 21:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
    MOD - [2012/05/22 21:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
    MOD - [2012/05/22 21:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
    MOD - [2012/05/22 21:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
    MOD - [2012/05/22 21:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    MOD - [2012/05/09 17:36:55 | 000,932,528 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppa3.dll -- (xnacc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinger.dll -- (splitter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_filter.dll -- (SE2Bbus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (pdreli)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\procexp111.dll -- (ntservice1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MXOFX.dll -- (mssqlserveradhelper)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\icam4usb.dll -- (mgabg)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eventlog.dll -- (LUsbKbd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahometnslistener.dll -- (httpfilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\padfsvr.dll -- (GTPTSER)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcstor32.dll -- (dvd_2K)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lpds.dll -- (dpfusmgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMCB000.dll -- (Cam5603C)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750bus.dll -- (awecho)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GENERICDRV.dll -- (armoucfltr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enecbpth.dll -- (AR5523)
    SRV - [2012/05/06 16:04:18 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/04/20 10:18:29 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/03/27 18:40:51 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
    SRV - [2012/03/15 01:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2012/02/09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
    SRV - [2012/02/06 13:22:46 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2012/02/06 13:22:39 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV - [2010/12/23 11:54:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/08/21 08:22:08 | 000,455,784 | ---- | M] (VMLite, Inc.) [Disabled | Stopped] -- C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe -- (VMLiteService)
    SRV - [2010/03/01 18:03:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/11/14 01:08:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Nathan\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1ar6w9g)
    DRV - [2012/05/06 22:13:24 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/02/06 13:22:40 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
    DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/05/18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/08/18 13:28:56 | 000,127,080 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vmliteusbmon.sys -- (VMLiteUSBMon)
    DRV - [2010/08/18 12:54:16 | 000,140,392 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmlitestor.sys -- (vmlitestor)
    DRV - [2010/08/11 12:05:00 | 000,111,208 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
    DRV - [2010/08/11 12:05:00 | 000,100,264 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV - [2010/08/11 12:04:54 | 000,143,848 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2010/06/29 11:20:02 | 000,015,464 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vmlitedrv.sys -- (vmlitedrv)
    DRV - [2010/04/22 14:33:36 | 000,014,336 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\MTiCtwl.sys -- (MagicTune)
    DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/11/13 21:59:40 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/11/04 10:11:04 | 001,084,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
    DRV - [2009/07/13 18:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2008/08/11 12:40:58 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/08/11 12:40:58 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
    DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2008/04/15 11:17:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbgps.sys -- (ZTEusbgps)
    DRV - [2008/04/15 11:17:32 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{6277A898-E263-4041-B463-DF13BD763F5C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://eagent.farmersinsurance.com/
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 F7 89 C0 2E 28 CB 01 [binary data]
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes,DefaultScope = {4675F48F-8AAA-4587-A5C5-D76130138482}
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=3b7fc524-29a8-11e1-8e12-001fd08149e9&q={searchTerms}
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{4675F48F-8AAA-4587-A5C5-D76130138482}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{6277A898-E263-4041-B463-DF13BD763F5C}: "URL" = http://www.bing.com/search?mkt=en-us&q=?FORM=MICCD1&q={searchTerms}
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={22CBD33C-6597-47E1-A095-8380820DC49A}&mid=695c58de235e47d6b412d1569665a01a-630f14d88c88f78d12f6037265eb8b1d7839be65&lang=en&ds=AVG&pr=fr&d=2011-10-17 12:38:28&v=10.0.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    IE - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 46.23.70.176:3128

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Nathan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/21 02:29:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:13:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/31 13:26:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/31 13:26:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/15 09:39:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/10 11:36:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/09 00:08:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 10:02:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Nathan\AppData\Roaming\Move Networks [2010/01/06 23:41:33 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/21 02:29:45 | 000,000,000 | ---D | M]

    [2009/11/30 03:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions
    [2009/11/30 03:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2012/02/20 19:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\jkd87gk8.default\extensions
    [2012/02/20 19:37:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\jkd87gk8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2012/03/06 09:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/16 11:58:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/06/24 11:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/03/06 09:43:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2011/10/10 21:41:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/06 09:43:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/08/03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
    [2011/10/03 05:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
    [2012/03/12 12:10:21 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/10/10 21:41:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
    CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Nathan\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - Extension: Bejeweled = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
    CHR - Extension: YouTube = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google Search = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: DivX HiQ = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: Railroad Empire = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiikpbacijhipapclbjgoeieioojhlnj\2.0.2_0\
    CHR - Extension: vshare plugin = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
    CHR - Extension: Baseball (Deluxe) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\
    CHR - Extension: AVG Do Not Track = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: Gmail = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: RebateRobot = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.2_0\

    O1 HOSTS File: ([2012/05/11 23:14:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (RebateRobot BHO) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll (RebateRobot)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000..\Run: [Spotify Web Helper] C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
    O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
    O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
    O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: 360-value.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: billerweb.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: bristolwest.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: bwproducers.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: cisgroup.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: co-optimum.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmers.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmers.csod.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersces.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersflood.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersinsurance.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersleadcenter.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmerslife.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: farmersmarketpoint.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: foremostfarmers.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: foremoststar.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: ipipeline.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: localhost ([]* in Local intranet)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: msbexpress.net ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: seccas.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-541655578-1006378361-3361530724-1000\..Trusted Domains: zurich.com ([]* in Trusted sites)
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://eagent.farmersinsurance.com/...tiveX/smsx.cab (MeadCo ScriptX)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/downlo...4/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEAEC8ED-0698-44E1-8342-E4CD3DA1D97E}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/28 21:02:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
    [2012/05/25 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\HPAppData
    [2012/05/15 09:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/05/14 01:40:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/05/13 19:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vehicle Simulator
    [2012/05/12 14:41:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
    [2012/05/12 14:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2012/05/12 13:42:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Roaming
    [2012/05/11 22:52:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/11 22:52:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/11 22:11:44 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
    [2012/05/11 21:58:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2012/05/11 21:44:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\CatRoot2_2012512144144
    [2012/05/10 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Malwarebytes
    [2012/05/10 23:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/05/10 23:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/05/10 23:35:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/05/10 23:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/05/10 23:23:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/05/10 11:35:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
    [2012/05/10 11:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/05/08 18:57:42 | 000,000,000 | ---D | C] -- C:\AVG2012
    [2012/05/08 18:52:59 | 000,000,000 | ---D | C] -- C:\temp
    [2012/05/08 12:10:15 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\temp
    [2012/05/08 11:48:50 | 000,000,000 | ---D | C] -- C:\jgh2002j
    [2012/05/07 18:07:36 | 000,000,000 | ---D | C] -- C:\JGH
    [2012/05/06 23:01:52 | 004,490,225 | R--- | C] (Swearware) -- C:\Users\Nathan\Desktop\jgh.exe
    [2012/05/06 23:00:04 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\dllcache
    [2012/05/06 23:00:04 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/05/06 22:11:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/05/06 18:12:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/06 18:12:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/06 18:10:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/06 16:02:34 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mead & Company
    [2012/05/06 15:58:31 | 000,000,000 | ---D | C] -- C:\DashConfig
    [2012/05/06 15:25:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    [2012/05/06 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\PackageAware
    [2012/05/06 14:58:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    [2012/05/06 14:41:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{92E7A367-8E12-4830-AA70-29C32E331A81}
    [2012/05/06 13:42:21 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
    [2012/05/06 13:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
    [2012/05/06 13:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
    [2012/05/06 13:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    [2012/05/06 13:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2012/05/06 13:14:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/05/06 13:14:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/05/06 13:14:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/05/06 13:14:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/05/06 13:14:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/28 21:02:44 | 000,080,384 | ---- | M] () -- C:\Users\Nathan\Desktop\MBRCheck.exe
    [2012/05/28 21:02:38 | 000,337,441 | ---- | M] () -- C:\Users\Nathan\Desktop\FSS.exe
    [2012/05/28 21:02:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan\Desktop\OTL.exe
    [2012/05/28 20:55:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000UA.job
    [2012/05/28 20:48:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/28 20:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/28 17:30:13 | 099,389,867 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/05/28 14:55:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-541655578-1006378361-3361530724-1000Core.job
    [2012/05/27 22:48:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/27 16:49:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/27 16:49:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/25 17:29:43 | 000,192,126 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/05/25 12:48:09 | 000,036,901 | ---- | M] () -- C:\Users\Nathan\Desktop\bilde.jpg
    [2012/05/25 11:09:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/25 11:09:36 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/24 16:51:42 | 000,037,010 | ---- | M] () -- C:\Users\Nathan\Desktop\badger_stuck.jpg
    [2012/05/23 22:57:59 | 000,002,403 | ---- | M] () -- C:\Users\Nathan\Desktop\Google Chrome.lnk
    [2012/05/22 09:51:35 | 000,034,814 | ---- | M] () -- C:\Users\Nathan\AppData\Local\dt.dat
    [2012/05/21 19:58:09 | 000,154,624 | ---- | M] () -- C:\Users\Nathan\Desktop\TDSSQlook.exe
    [2012/05/15 21:15:19 | 000,625,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/05/15 21:15:19 | 000,108,104 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/05/15 09:39:22 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/05/13 19:10:50 | 000,001,004 | ---- | M] () -- C:\Users\Nathan\Desktop\Vehicle Simulator.lnk
    [2012/05/11 23:14:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/05/11 22:51:46 | 004,490,225 | R--- | M] (Swearware) -- C:\Users\Nathan\Desktop\jgh.exe
    [2012/05/11 22:19:31 | 000,000,488 | ---- | M] () -- C:\Users\Nathan\Documents\cc_20120511_221926.reg
    [2012/05/10 23:35:20 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/10 11:40:24 | 000,000,017 | ---- | M] () -- C:\Users\Nathan\AppData\Local\resmon.resmoncfg
    [2012/05/10 11:31:15 | 000,021,534 | ---- | M] () -- C:\Users\Nathan\Documents\cc_20120510_113111.reg
    [2012/05/06 22:13:24 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2012/05/06 17:47:25 | 000,001,124 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue SpeedUpMyPC 2009.lnk
    [2012/05/06 17:47:25 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue SpeedUpMyPC 2009.lnk
    [2012/05/06 16:04:15 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/05/06 16:04:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/05/01 18:00:47 | 000,157,397 | ---- | M] () -- C:\Users\Nathan\Desktop\31-5137 (1).pdf
    [2012/04/28 23:17:11 | 000,351,568 | ---- | M] () -- C:\Users\Nathan\Desktop\412175_10150682391575308_652370307_9788956_1433495807_o.jpg
    [2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/05/28 21:02:45 | 000,080,384 | ---- | C] () -- C:\Users\Nathan\Desktop\MBRCheck.exe
    [2012/05/28 21:02:34 | 000,337,441 | ---- | C] () -- C:\Users\Nathan\Desktop\FSS.exe
    [2012/05/28 17:30:13 | 099,389,867 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/05/25 17:29:43 | 000,192,126 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/05/25 12:48:15 | 000,036,901 | ---- | C] () -- C:\Users\Nathan\Desktop\bilde.jpg
    [2012/05/24 16:51:51 | 000,037,010 | ---- | C] () -- C:\Users\Nathan\Desktop\badger_stuck.jpg
    [2012/05/22 09:51:35 | 000,034,814 | ---- | C] () -- C:\Users\Nathan\AppData\Local\dt.dat
    [2012/05/21 19:58:13 | 000,154,624 | ---- | C] () -- C:\Users\Nathan\Desktop\TDSSQlook.exe
    [2012/05/13 19:10:50 | 000,001,004 | ---- | C] () -- C:\Users\Nathan\Desktop\Vehicle Simulator.lnk
    [2012/05/11 22:52:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/05/11 22:52:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/05/11 22:52:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/05/11 22:52:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/05/11 22:52:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/11 22:19:28 | 000,000,488 | ---- | C] () -- C:\Users\Nathan\Documents\cc_20120511_221926.reg
    [2012/05/10 23:35:20 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/10 11:40:24 | 000,000,017 | ---- | C] () -- C:\Users\Nathan\AppData\Local\resmon.resmoncfg
    [2012/05/10 11:36:55 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/05/10 11:31:13 | 000,021,534 | ---- | C] () -- C:\Users\Nathan\Documents\cc_20120510_113111.reg
    [2012/05/06 17:43:29 | 000,001,124 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue SpeedUpMyPC 2009.lnk
    [2012/05/06 17:43:29 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue SpeedUpMyPC 2009.lnk
    [2012/05/01 18:00:47 | 000,157,397 | ---- | C] () -- C:\Users\Nathan\Desktop\31-5137 (1).pdf
    [2012/04/28 23:17:18 | 000,351,568 | ---- | C] () -- C:\Users\Nathan\Desktop\412175_10150682391575308_652370307_9788956_1433495807_o.jpg
    [2012/02/09 22:10:54 | 000,000,000 | ---- | C] () -- C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/09 21:31:47 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/10/10 21:56:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/08/15 10:29:31 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/08/15 10:29:31 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/02/18 23:30:37 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
    [2010/12/06 14:18:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ScratchRemoval.dll
    [2010/09/30 22:57:12 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2010/09/30 22:57:12 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2010/09/30 22:57:12 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2010/09/30 22:57:12 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2010/09/30 22:57:12 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2010/09/30 22:57:12 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2010/09/30 22:57:12 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2010/09/30 22:57:12 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2010/09/30 22:57:12 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2010/09/30 22:57:12 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2010/09/30 22:57:12 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2010/09/30 22:57:12 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2010/09/30 22:57:12 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2010/09/30 22:57:12 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2010/09/30 22:57:12 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2010/09/30 22:57:12 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2010/09/30 22:48:22 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw7c.bin
    [2010/09/30 22:47:49 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV500P.ini
    [2010/09/30 22:35:42 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

    ========== LOP Check ==========

    [2011/05/31 23:15:52 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\.minecraft
    [2009/11/13 22:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\acccore
    [2009/11/16 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Amazon
    [2011/11/18 01:35:56 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\AnvSoft
    [2009/12/28 03:29:44 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Atari
    [2011/10/17 12:36:22 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\AVG2012
    [2012/01/10 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Blender Foundation
    [2009/11/16 02:19:03 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Canon
    [2011/11/16 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\com.amazon.music.uploader
    [2012/05/10 09:49:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Dropbox
    [2010/09/30 23:39:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\EPSON
    [2009/11/30 03:01:59 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Flickr
    [2012/05/06 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Free Download Manager
    [2009/11/16 16:57:49 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Imagenomic
    [2010/01/22 04:04:31 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\IrfanView
    [2011/12/26 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Kalypso Media
    [2009/11/16 00:00:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Leadertech
    [2010/12/03 22:30:17 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Quest3D
    [2009/12/28 13:39:28 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Red Kawa
    [2009/12/29 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Regensoft
    [2012/05/12 13:42:32 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Roaming
    [2011/07/01 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Smith Micro
    [2012/05/25 13:12:07 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Spotify
    [2012/03/26 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\The Creative Assembly
    [2012/01/03 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Tropico 4
    [2012/01/27 17:52:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Ubisoft
    [2012/05/06 17:47:06 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Uniblue
    [2012/05/28 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\uTorrent
    [2011/11/18 02:40:05 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Xilisoft
    [2012/03/15 09:53:25 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

  6. #16
    Junior Member
    Join Date
    May 2012
    Posts
    17

    Extras.txt


    OTL Extras logfile created on: 5/28/2012 9:04:22 PM - Run 2
    OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Nathan\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 56.82% Memory free
    6.50 Gb Paging File | 4.59 Gb Available in Paging File | 70.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 11.88 Gb Free Space | 2.55% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 37.78 Gb Free Space | 4.06% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

    Computer Name: NATHAN-PC | User Name: Nathan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A452F3B-CAA0-4968-885C-B585428A6A1F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0BEB123B-94E0-4CEC-A504-EA1943A331B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{0F3E2EC3-6659-40C3-867B-07C0A391DD17}" = rport=139 | protocol=6 | dir=out | app=system |
    "{15BBC1E2-D780-441A-82C7-00452EDFB1C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{1663770A-FA79-4BC5-A7AA-6EFA40974AFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{18945B4A-4F13-4AB0-AA56-37F05723C3A2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1A933D60-C164-4A56-A8AF-903EEF64AD42}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
    "{23BC620A-0F65-4A61-BC5C-B4381D176FC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{2B24A9A2-4FC3-4F93-8E0D-5F333A00FAAA}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{2FD91BAC-222B-4EC2-8388-318BDE91759B}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{33BA9F01-968D-41BC-8A8A-3E43275A43CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3410A725-C742-4E89-80F4-B1975DC90855}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{38BB65B3-8EF3-4DF1-A916-A7D6B6CB000A}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{44A313CA-B8C2-4EDB-BDDD-DD7A5A7566BE}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4815FFCF-75AB-48EB-9E55-6A5AAF3107F9}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4A2AC5EC-4430-4DB6-973D-6563A2B83BD3}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{5317E39D-9D52-453D-ACDD-7C041A0153DB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{551EC835-2F01-45F6-9CE5-7ED4564958B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{553225E0-ACF4-4574-97A5-DF27AF7E640F}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{5760B206-C898-47E6-997C-F67E062BCD07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{60D55B4C-C4B9-4520-A687-8339BFDB3ECB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{61977254-E344-4E24-8A5A-167CF93F40E7}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{61A7D874-5C2F-4C2A-A54E-A453A2952614}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{644D6143-7E46-4B57-A0D0-E3C8E5C0D4D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{69117B67-4FBD-4A34-97E9-5D044F09541C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6B536988-B066-4D34-BAD3-71AF1C57C743}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{6FD158D5-BD47-4C67-95A6-12EC89A8E599}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{76D33988-D526-4C06-A83E-E542FFDBC622}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{787756B2-638A-4E90-BADC-9F47C1492433}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7BA5A8A4-2AE7-4769-89DE-D5372506B36B}" = lport=139 | protocol=6 | dir=in | app=system |
    "{877BFF74-A34F-49F8-8C6B-E0625B5345FA}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{8840038B-DC83-40B7-8AFD-141C2D75C6A0}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{88AA1225-D77E-4CEC-9DA8-7960B1F5BE87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{9014E455-711F-4617-B481-E6C687087203}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{93725F4F-7FC6-4DF2-AB8F-AB469B189E93}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{9460EC6B-5A4D-498E-A4AF-5D0DEF971142}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{98BF8813-0AEC-447B-A713-A1C8E224F0F0}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A1D11FBB-9292-4C2D-830D-0FCCBF0E268D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A42625B0-33A5-49DF-BDCD-374B3A1783BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{A51A28B3-D59E-4ABD-97B5-704A2FB88049}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{A666313C-3379-41AE-A84E-F111F8503A9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{A6C40842-03F0-4790-98E8-49AAF8AEA448}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{B5039E73-D569-459D-B29F-6E6942A855BF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BC85A6A3-ACC0-47D0-9107-EE80B7182227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{BD81E9D5-5507-4CF8-8C51-7F902E30434F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BEC4530B-3525-423D-8400-9C26520515C6}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
    "{C1C00F81-E0B7-4BEF-8EFD-2C6DC065DBD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C28A73A2-9DEA-4520-A5F2-311862B292C2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{C424701F-5FF7-45CA-85A1-B64F9DDFD96C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{CDEA7F42-284C-4C76-B2C0-63849CE69596}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{D0F8DC7C-D1E1-4239-B7EC-2AA008A20662}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{DFC84CBB-F778-4DAD-94BA-723C6E25912F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E013BC8F-26FC-41C3-ADCC-6287A98FEF41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E9990D0B-202A-48FE-81B9-09278DECAF38}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F6A104FB-A3DB-46CC-87BF-BD5F9BACDD58}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F8F5FBA9-77C0-4463-B05F-6D7126EEC2F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004B053C-7106-47E6-89F6-5F932E0BF632}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{00880126-4799-462B-80AC-1E4D907558B8}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
    "{01B1B9DA-95B1-48E7-86F0-32E931FB9EA0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{01F6D4FF-B6FF-45A6-89D6-380855A3152E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
    "{04D8BEC3-155F-4765-8880-ED0367C17F2A}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{0D7CC053-2F01-43FE-8529-8FCA1EA9AC9C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{11695B5B-6D93-4C63-8BE5-1CD75B57E90F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{1955E97E-9C07-46B6-B578-70B4B32BE4DA}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{197592AB-6462-486E-90BB-3A9896BF85A1}" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
    "{1981DC00-C263-45E8-9638-6C7E0929BDFD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{1B0CBA7B-6C0D-4B9A-AB53-C007D3BAD109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1CA11C11-03B4-45C0-9C5F-D02BB0E7DAE1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
    "{1ED5E498-6CD9-4823-8159-92523D6119F9}" = protocol=6 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
    "{2568159D-9477-4B10-96DB-A15EAA4F6013}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
    "{27BB4EBE-B19E-44BD-A15E-096BE807D544}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2EE56045-373A-47C0-ABD7-6D4031DAAF40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3030E610-5627-4E4D-99CA-4108A617AE64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3083D0B4-931A-4A37-B062-20E37A2E65DF}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
    "{32114DEE-9454-4A21-905B-ED31921795A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3254EEA1-F003-4FE1-AB7C-0D95EF84519D}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{37559716-E8BF-4EB2-A6F9-2A8938A541C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3C3D618D-8C21-446E-A701-0E330F618B93}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{3DBF2B6A-8404-405B-B64C-AC0EE7B246FF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe |
    "{44C8751D-0A7A-4FDA-B9FB-8819996500E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{453DE800-892C-48DC-AACC-26E554763F82}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{45A1C8A7-86E6-4997-BD41-07E636194830}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
    "{464CA6DF-7693-4356-84F4-EA1010AC205D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{47A8756A-9E3D-4932-858F-7ED90BDF68E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{493BA7C4-FEFE-4BA3-991A-6A3D87D61841}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{4A165E71-D832-40E1-9678-3C127D41DBCE}" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
    "{4AC6B872-1679-45F7-ABE1-DBB64D720AA4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
    "{4B1FFB41-3777-4BD0-9873-773B37036332}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{4B8BFB8E-8AD2-48A0-A6B4-64469BDB4125}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{4BFC95BD-0E12-4AE9-880C-A6EF2C5E3CCA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{4CECFE1B-6020-45D1-BE56-AC2DF4C06D27}" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
    "{4D322BBD-0732-4AC2-83C2-BCD63BF53A9A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
    "{4DF4C9FB-7ACA-4E55-82FE-9381A364EAAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{5057EBA6-BAB5-4FD6-A1A1-7D54093DC2C9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{51B54271-90C6-45B3-8783-2E1A929D78B8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{533ABC04-0C62-4BFE-A203-4E6D8980C60D}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{54D1A701-8947-41A7-AAFA-793FEB476D3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{54FA8460-ABB5-4123-B21B-4B8410F20F07}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{550ECA81-E0F5-40FE-B744-AA22E0C95C83}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
    "{56B5F546-A7EC-467C-BCF3-8526A093F255}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
    "{56D9B5FC-5C87-4A52-AE69-1E7B36799DC6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe |
    "{579AA5C9-6B7B-4EAF-871C-10C17B2DCA58}" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
    "{57C00378-F15F-4D10-B0A7-630FC4756DAD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
    "{5B3C2F4A-4A29-4DD0-BFFA-DFC841AD341A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{5DF4749E-643B-4533-B4DC-498278BE939C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
    "{61DF4B3D-3120-4848-9FD9-7E8002F224FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{62E21914-4B1B-4B6C-8052-D3CDA8A98702}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{63833263-AF52-4C78-ADED-C12F9C96DDDA}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{64042822-A249-4169-B1C5-D07F2ED94DEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{672867DD-DEBE-4651-B9B4-BD706FE21AAD}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srlogin.exe |
    "{6E8BDC6E-7946-468E-83FF-B86C691893AE}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
    "{6FF19883-BBFB-4602-911E-ECD58ECA0166}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
    "{707BA506-34B6-44D5-8CD3-BB7775CF5EA1}" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
    "{72063B18-6CEC-4328-9B54-BAC6039A3EC1}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
    "{74E08EA1-6BC1-4C96-A2AC-C8E35AFB0541}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{78B4B8FD-B922-4FBB-A1BF-D5890695EB2F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{79DB61CF-1185-4802-8484-D79530DB6C75}" = protocol=17 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
    "{840261C1-74D0-46BB-8646-BABD40BD3913}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
    "{8570FE5B-3587-4B5B-8585-35E1BF6691FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{85AE8BCE-9E28-4831-B2FE-A75EB57A48AE}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{869C0104-97F1-4422-9982-EEBA85054B2E}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{8B221514-77D1-4282-AC7E-B62C34465EB7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
    "{8B4009A4-5382-4972-9B1D-EA94BC84AB8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{8B665357-B352-41F7-BD9F-F3E290217F50}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{8F9662CE-0BAB-49A0-B4B7-AAC2596BDAB2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{90A888C7-E048-4D0D-B0AD-BC363ACED5FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{92398F70-999F-4AED-AC19-F3E85D2B616E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{92DAC024-3218-4373-8D45-7FA306A6AED3}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
    "{979ED4C5-FD6C-42A9-A7B0-385E2608A7B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
    "{97F1CA41-FDE7-4701-B660-72FDDAB7F8F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
    "{996129C3-F436-4CAF-95A5-7E65CCE81CAB}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
    "{9A02C211-266B-4B78-922C-F8D1CF9E924C}" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
    "{9B467123-7C1C-4D3A-8ABB-634F69B4E6DA}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{9BA6CDF5-BCB2-4813-9A50-DE475F2FAD1C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9C8CF425-6487-4F5B-AF11-C187C57669CC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{9F113399-7A73-4753-B904-B4BDA10CC15D}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
    "{9FE64682-31D4-467C-AD8C-F16D2653E8D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A067CB7F-C338-4D19-A02D-C879C66499C2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe |
    "{A188356B-042C-43D1-A695-E860E7603632}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A21A3FE6-75E3-49FE-B1A1-8BCDB1A81E16}" = protocol=58 | dir=in | app=system |
    "{A48F0EA6-284E-453F-AF48-592DCB8163FF}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
    "{A813405F-4A4A-4CE4-98E9-48E12F8BBDAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
    "{AA044495-BDEA-4B12-BF5F-89C17C3BA35B}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{AB95CC9F-D9EA-4F26-981D-08B965A72894}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
    "{AEDA7674-606D-44A6-A88D-4A570B91B025}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{B0CBCF8D-E75F-49B7-BBEA-88EB1DF057E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{B15DFB48-6AD8-477A-90D6-C35B3415EBDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B3C9C29A-5AAE-4B89-90EC-0D6D805355CB}" = protocol=6 | dir=out | app=system |
    "{B6FDE48F-7B35-4F61-BC96-E76C4A294D20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BAE72955-8BDD-452E-B47E-FF7B721BAB5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{BD4F0476-1F86-487F-AA60-785A80DF5BB1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
    "{C019B98E-75E4-4764-9E9B-2AB8100EBC2C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe |
    "{C417D1DB-6937-4BF5-8DBE-2FB4DDF664BD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
    "{C4DACC02-8E0F-4E7D-BB85-BD23266C9BD9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{C53752AB-6693-4DB7-AE5B-F7AD1076B81F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{C82CBFBE-1A39-48BC-9DF9-A6A6F4002A7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CAEA5CE3-1D89-4F30-AC80-3123480D727A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{CFCB3BB5-5235-4EFE-975F-2737A23CC990}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{D54C1118-3003-4C26-9AFD-B1C1B1E2FD57}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D6682BA6-F1CE-41EA-8039-7ECE03FB9924}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{D9520C34-5A90-4A5B-B20B-861CD24FD828}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
    "{DF490F7A-7C38-4ADD-8224-8444A66ACCC9}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
    "{E15C4724-4402-4FF8-8005-942D40AED1CB}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
    "{E1D0F5C9-48A8-4EE9-A805-F452E6D9F897}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
    "{E6910208-4F18-4DBD-A6E3-5400FBF79774}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{E77B8B04-9478-49A0-A101-CFFC149EE518}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
    "{EC03625C-69D4-4F22-86F5-A16F37549055}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
    "{EC7AF683-2898-4C88-95DB-4C54B3C07EC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F10E3735-22D9-442E-9155-0E65FD98BB8F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
    "{F1F0516F-CA24-4C23-9021-AB3094919465}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 4\tropico4.exe |
    "{F7173DB7-9ED7-45DF-82EF-595873C6377D}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
    "{FB18338E-3233-4738-A88D-8CE3E5C06151}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{FE2CA579-7C62-4346-A9C4-7640506042F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{2A4EB33F-A510-4512-83A8-CACBC189A06B}C:\users\nathan\downloads\spotify.exe" = protocol=6 | dir=in | app=c:\users\nathan\downloads\spotify.exe |
    "TCP Query User{2C7FF758-B5ED-49EA-A2F0-52301F967741}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
    "TCP Query User{2D0A3CBA-C9A2-4FEF-9836-0CB266154102}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
    "TCP Query User{436C6A54-C3AD-4899-9D14-E6BA7FF5C021}C:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{4E39E453-306F-4553-A32A-3E39F3B2AD6C}C:\program files\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
    "TCP Query User{729765E4-360F-4B2A-B6F2-4C98BE7F4F39}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{8A3E5C22-0EAF-484C-8E89-21110CF1C066}C:\users\nathan\downloads\spotify installer.exe" = protocol=6 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
    "TCP Query User{9A1479DB-7742-4514-BBDC-A99B8AF53680}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{9E5120CE-8151-4B64-B3E8-74F044DAE5AF}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{A10D49BE-EBE0-408C-A6E5-B1436528E3BF}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "TCP Query User{A67CEBF0-E2A2-4B22-94B8-1F3A21B90773}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{B8673798-6A54-47F9-8E21-E0F0666B3D31}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "TCP Query User{BB3D3260-75FF-439E-AA47-D357B4A7CF06}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
    "TCP Query User{D326D483-EF29-4839-A9BC-4BB21152717C}C:\users\nathan\downloads\spotify installer.exe" = protocol=6 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
    "TCP Query User{E5F00BB3-F5FF-4EC8-8A64-D7ECBBA0AF88}C:\users\nathan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{F1432713-C4C4-4405-9144-B32DA9E36DB3}C:\program files\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 8\sketchup.exe |
    "TCP Query User{F2BBC428-A4FA-4409-B487-C44E46D0D7EE}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
    "UDP Query User{1FA10DE0-F0E9-43C9-A9D8-D905E7880DAA}C:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{269696D2-E59B-49FC-85D5-24207BE5FD4A}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "UDP Query User{269AF8A5-CF9B-4EBD-B8B2-0C73551CB936}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |
    "UDP Query User{30C53BF8-CD82-4380-878C-0E72D0C601BD}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
    "UDP Query User{4DB9A561-E773-4029-A4AB-62D6F3782D47}C:\users\nathan\downloads\spotify installer.exe" = protocol=17 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
    "UDP Query User{4FA2FFCA-37A8-4C63-A392-311F39894BF3}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |
    "UDP Query User{552F49D3-255A-4191-B8BC-CEE3EA9B6BC1}C:\program files\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\tightvnc\winvnc.exe |
    "UDP Query User{62FFB00B-FA7B-48F4-8D41-7E282C1E2D43}C:\users\nathan\downloads\spotify installer.exe" = protocol=17 | dir=in | app=c:\users\nathan\downloads\spotify installer.exe |
    "UDP Query User{7290F67C-7198-4E2C-B472-E1CC1950115A}C:\users\nathan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{7BC6EB37-3BB6-4455-BC97-76E33A73A24A}C:\users\nathan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nathan\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{97F45FEA-6E8C-4D2B-A6B5-C8C5EC234625}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
    "UDP Query User{A1CD8AAB-D427-4274-9924-4B86FB83B022}C:\program files\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 8\sketchup.exe |
    "UDP Query User{A5B924D3-88CA-42F4-8FEC-1FEB5B2BD136}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{AB1AB7F6-D117-4B97-BFA5-B1AD42BD89F9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{D75A720A-A9EC-49F8-981F-FD06D676969C}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "UDP Query User{EB1A8164-1D31-4483-8706-4C721B7D87F3}C:\users\nathan\downloads\spotify.exe" = protocol=17 | dir=in | app=c:\users\nathan\downloads\spotify.exe |
    "UDP Query User{EB8C2B85-7A45-48DB-8507-4987C8A0A65B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V500 Photo Scanner Driver Update
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{37D9C685-0F4B-2D8E-59E3-3CE151CE0051}" = ATI Catalyst Install Manager
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3D3D1E03-D506-4163-B600-82EE27FC5A89}" = Microsoft Camera Codec Pack
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{4283ACFF-437C-400E-A1C8-445B57CC145A}" = VMLite Workstation
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4AAC5AE8-EDE6-44D4-AA87-E90870178FDE}" = Minitab 15 English
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = TRS2006
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{624A02E4-8F95-43F6-9EF3-7E437AB9B80B}" = VZAccess Manager
    "{635C3D63-D901-4119-9AD2-852D10DCB937}" = 3dem
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69F962F7-3761-4704-9E4B-24FF10F77111}" = MagicTune Premium
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}" = Polaroid Dust and Scratch Removal v1.0.0.15.2e
    "{7B4B0AA9-F97E-49C4-AE6F-D40580B65A22}" = onOne PerfectPresets
    "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E10A7CC-B4B4-4BF0-A75E-9F960D58AAC4}_is1" = RebateRobot for Online Shopping version 1.0.1
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
    "{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
    "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
    "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
    "{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
    "{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
    "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_Access_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_Access_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_Access_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93F78676-9219-4C9D-9E24-FAA187C4DF1E}" = ZTE USB Drivers
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{964D07BE-460C-4862-B59C-49575B8F46DC}" = Google SketchUp Pro 8
    "{9985ABB2-14F3-4825-B5AF-0EFB23F715CB}" = Badongo
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A83C6C34-3007-422A-9E56-A74996BCCDBD}" = LogMeIn
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DED4B209-F114-4D85-BADB-2D702B15D2D7}_is1" = LDraw Parts Library 2010-03
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E60B8506-DDC7-433d-AF9E-999D0F543C4A}" = 2570_Help
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EA7FE7AB-34AE-4e14-84C5-187E6EC0AB9B}" = 2570
    "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EC346DB0-4207-4756-8283-26580372DAE3}" = Bloom
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F66D5732-C2A6-4f88-B8FE-AEDA10355FBD}" = 2570Trb
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Access" = Microsoft Office Access 2007
    "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
    "AIM_7" = AIM 7
    "Akamai" = Akamai NetSession Interface Service
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
    "AuranTS2009_DLC2_is1" = Trainz 'PRR T1 - A Fleet of Modernism' Addon Pack
    "AuranTS2009_is1" = TS2009: Murchsion Pack
    "AVG" = AVG 2012
    "AviSynth" = AviSynth 2.5
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "Blender" = Blender
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "Carbonite Backup" = Carbonite
    "CCleaner" = CCleaner
    "Cities XL 2011" = Cities XL 2011
    "com.amazon.music.uploader" = Amazon MP3 Uploader
    "DivX Setup.divx.com" = DivX Setup
    "DPP" = Canon Utilities Digital Photo Professional 3.7
    "Elite Proxy Switcher_is1" = Elite Proxy Switcher 1.18
    "EOS Utility" = Canon Utilities EOS Utility
    "EPSON Scanner" = EPSON Scan
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "EXCEL" = Microsoft Office Excel 2007
    "Flickr Uploadr" = Flickr Uploadr 3.2.1
    "Free Download Manager_is1" = Free Download Manager 3.0
    "Free Studio_is1" = Free Studio version 4.3
    "Game Booster_is1" = Game Booster 3
    "GameSpy Arcade" = GameSpy Arcade
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
    "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "IrfanView" = IrfanView (remove only)
    "Klinn's ElectroSet (RCT3)_is1" = Klinn's ElectroSet Version 2
    "Klinn's Framework (RCT3)_is1" = Klinn's Framework Version 2
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "MyCamera" = Canon Utilities MyCamera
    "NirSoft ShellExView" = NirSoft ShellExView
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "OUTLOOK" = Microsoft Office Outlook 2007
    "PeerGuardian_is1" = PeerGuardian 2.0
    "PEVAssetX" = PEVSoft AssetX
    "PEVattachmentmaker" = PEVSoft AttachmentMaker
    "PEVImages2TGA" = PEVSoft Images2TGA
    "PEVMesh_Viewer2" = PEVSoft Trainz Mesh Viewer 2
    "PEVpm2im" = PEVSoft PM2IM 2
    "PEVquickshadows" = PEVSoft QuickShadows
    "PhotoStitch" = Canon Utilities PhotoStitch
    "POWERPOINT" = Microsoft Office PowerPoint 2007
    "PUBLISHER" = Microsoft Office Publisher 2007
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "RiseOfNationsExpansion 1.0" = Rise of Nations
    "Ship Simulator Extremes_is1" = Ship Simulator Extremes
    "Shipsim2008" = Ship Simulator 2008
    "Shop for HP Supplies" = Shop for HP Supplies
    "Silent Package Run-Time Sample" = EPSON Perfection V500P User's Guide
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SS2008 RED EAGLE SUPER PACK_is1" = SS2008 RED EAGLE SUPER PACK
    "SS2008 RED JET SUPER PACK_is1" = SS2008 RED JET SUPER PACK
    "Steam App 10500" = Empire: Total War
    "Steam App 2700" = Rollercoaster Tycoon 3 Platinum
    "Steam App 34330" = Total War: SHOGUN 2
    "Steam App 400" = Portal
    "Steam App 57690" = Tropico 4
    "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
    "TightVNC_is1" = TightVNC 1.3.10
    "Trainz Tuner" = Trainz Tuner
    "Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Vehicle Simulator_is1" = Vehicle Simulator
    "Videora iPod Converter" = Videora iPod Converter 5.03
    "vShare.tv plugin" = vShare.tv plugin 1.3
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WORD" = Microsoft Office Word 2007
    "Xilisoft HD Video Converter 6" = Xilisoft HD Video Converter 6
    "Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
    "Xvid Video Codec 1.3.1" = Xvid Video Codec
    "YouTube Downloader App" = YouTube Downloader App 2.03
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-541655578-1006378361-3361530724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AIM" = AIM for Windows
    "Akamai" = Akamai NetSession Interface
    "BSC Cleanitol TM" = BSC Cleanitol TM
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "HMAS SUCCESS AOR304 - For Vehicle Simulator" = HMAS SUCCESS AOR304 - For Vehicle Simulator
    "HMAS WESTRALIA AO195 - For Vehicle Simulator" = HMAS WESTRALIA AO195 - For Vehicle Simulator
    "Move Media Player" = Move Media Player
    "NAM Essentials" = NAM Essentials r85
    "Network Addon Mod" = Network Addon Mod Version 29
    "Network Widening Mod" = Network Widening Mod Version 1.1.1
    "RealHighway Mod" = RealHighway Mod Version 4.1.0
    "SC4Mapper" = SC4Mapper
    "Spotify" = Spotify
    "The Klub 17" = The Klub 17
    "Traffic Simulator Configuration Tool" = Traffic Simulator Configuration Tool

  7. #17
    Junior Member
    Join Date
    May 2012
    Posts
    17

    Extras.txt part 2

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/15/2011 2:43:09 AM | Computer Name = Nathan-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
    time stamp: 0x4a5bccb3 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
    time stamp: 0x4e21132b Exception code: 0x0000046b Fault offset: 0x00009673 Faulting
    process id: 0x1698 Faulting application start time: 0x01ccba73f117bb36 Faulting application
    path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report
    Id: 0cf5c552-26e8-11e1-ad13-001fd08149e9

    Error - 12/16/2011 2:55:35 AM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
    Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 6f1c Start
    Time: 01ccbbbf416ea86f Termination Time: 32 Application Path: C:\Program Files\N3V
    Games\TS12\bin\trainz.exe Report Id: ed783233-27b2-11e1-9551-001fd08149e9

    Error - 12/16/2011 4:31:10 AM | Computer Name = Nathan-PC | Source = VSS | ID = 8193
    Description =

    Error - 12/16/2011 4:31:10 AM | Computer Name = Nathan-PC | Source = VSS | ID = 13
    Description =

    Error - 12/16/2011 4:31:10 AM | Computer Name = Nathan-PC | Source = VSS | ID = 8193
    Description =

    Error - 12/16/2011 6:57:28 PM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
    Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2ea0 Start
    Time: 01ccbc3a5208d78b Termination Time: 520 Application Path: C:\Program Files\N3V
    Games\TS12\bin\trainz.exe Report Id: 91706235-282f-11e1-bd08-001fd08149e9

    Error - 12/17/2011 6:10:09 PM | Computer Name = Nathan-PC | Source = MsiInstaller | ID = 1013
    Description =

    Error - 12/18/2011 3:49:44 AM | Computer Name = Nathan-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ContentManager.exe, version: 1.0.0.12345,
    time stamp: 0x4da2381e Faulting module name: LIBEAY32.dll, version: 0.9.8.5, time
    stamp: 0x45e4dd6e Exception code: 0xc0000005 Fault offset: 0x00041843 Faulting process
    id: 0x940 Faulting application start time: 0x01ccbce9f87da41e Faulting application
    path: C:\Program Files\N3V Games\TS12\bin\ContentManager.exe Faulting module path:
    C:\Program Files\N3V Games\TS12\bin\LIBEAY32.dll Report Id: d949a7a4-294c-11e1-9dd5-001fd08149e9

    Error - 12/19/2011 1:09:47 PM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
    Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2630 Start
    Time: 01ccbe6fcf871568 Termination Time: 813 Application Path: C:\Program Files\N3V
    Games\TS12\bin\trainz.exe Report Id: 2568c37a-2a64-11e1-ad65-001fd08149e9

    Error - 12/20/2011 7:19:28 PM | Computer Name = Nathan-PC | Source = Application Hang | ID = 1002
    Description = The program trainz.exe version 1.5.0.46957 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 3e1c Start
    Time: 01ccbf53d8649c7e Termination Time: 2400 Application Path: C:\Program Files\N3V
    Games\TS12\bin\trainz.exe Report Id: fcf83f5b-2b60-11e1-9dd3-001fd08149e9

    [ Media Center Events ]
    Error - 2/9/2012 9:33:30 PM | Computer Name = Nathan-PC | Source = MCUpdate | ID = 0
    Description = 8:33:29 PM - Failed to retrieve SportsV2 (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    Error - 2/9/2012 9:33:44 PM | Computer Name = Nathan-PC | Source = MCUpdate | ID = 0
    Description = 8:33:30 PM - Failed to retrieve Broadband (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    Error - 2/9/2012 9:33:51 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
    Description =

    Error - 2/9/2012 11:13:26 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
    Description =

    Error - 2/10/2012 12:59:45 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 116
    Description =

    Error - 2/10/2012 1:32:16 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
    Description =

    Error - 2/10/2012 1:32:16 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 700
    Description =

    Error - 2/10/2012 1:34:12 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
    Description =

    Error - 2/10/2012 1:36:12 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
    Description =

    Error - 2/10/2012 1:36:19 PM | Computer Name = Nathan-PC | Source = Microsoft-Windows-Media Center Extender | ID = 112
    Description =

    [ OSession Events ]
    Error - 2/3/2010 3:52:57 AM | Computer Name = Nathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23973
    seconds with 420 seconds of active time. This session ended with a crash.

    Error - 3/1/2012 7:47:58 PM | Computer Name = Nathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14312
    seconds with 1020 seconds of active time. This session ended with a crash.

    Error - 3/31/2012 2:44:05 AM | Computer Name = Nathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50650
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 5/26/2012 11:35:04 PM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/27/2012 12:25:43 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/27/2012 12:52:29 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/27/2012 3:49:29 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/27/2012 7:15:15 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/27/2012 9:09:19 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/27/2012 10:43:07 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/27/2012 10:28:44 PM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/28/2012 10:07:33 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/28/2012 11:17:29 AM | Computer Name = Nathan-PC | Source = WMPNetworkSvc | ID = 866300
    Description =


    < End of report >

  8. #18
    Junior Member
    Join Date
    May 2012
    Posts
    17

    FSS.txt

    Farbar Service Scanner Version: 27-05-2012
    Ran by Nathan (administrator) on 28-05-2012 at 21:20:29
    Running from "C:\Users\Nathan\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

  9. #19
    Junior Member
    Join Date
    May 2012
    Posts
    17

    MBRCheckLog

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: Service Pack 1 (build 7601), 32-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: EP45-UD3P
    Logical Drives Mask: 0x00006e7d

    Kernel Drivers (total 201):
    0x82E3A000 \SystemRoot\system32\ntkrnlpa.exe
    0x82E03000 \SystemRoot\system32\halmacpi.dll
    0x80B9B000 \SystemRoot\system32\kdcom.dll
    0x8BA39000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8BABE000 \SystemRoot\system32\PSHED.dll
    0x8BACF000 \SystemRoot\system32\BOOTVID.dll
    0x8BAD7000 \SystemRoot\system32\CLFS.SYS
    0x8BB19000 \SystemRoot\system32\CI.dll
    0x8BC37000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8BCA8000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8BCB6000 \SystemRoot\System32\Drivers\spnn.sys
    0x8BDB7000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8BDC0000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8BE39000 \SystemRoot\system32\drivers\ACPI.sys
    0x8BE81000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8BE89000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x8BE94000 \SystemRoot\system32\drivers\pci.sys
    0x8BEBE000 \SystemRoot\System32\drivers\partmgr.sys
    0x8BECF000 \SystemRoot\system32\drivers\volmgr.sys
    0x8BEDF000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8BF2A000 \SystemRoot\system32\drivers\pciide.sys
    0x8BF31000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8BF3F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8BF55000 \SystemRoot\system32\drivers\vmbus.sys
    0x8BF7F000 \SystemRoot\system32\drivers\winhv.sys
    0x8BF91000 \SystemRoot\system32\drivers\atapi.sys
    0x8BF9A000 \SystemRoot\system32\drivers\ataport.SYS
    0x8BFBD000 \SystemRoot\system32\drivers\amdxata.sys
    0x8BFC6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8BE00000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8BE11000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8C00C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8C13B000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8C166000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8C179000 \SystemRoot\System32\Drivers\cng.sys
    0x8C1D6000 \SystemRoot\System32\drivers\pcw.sys
    0x8C1E4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8C23E000 \SystemRoot\system32\drivers\ndis.sys
    0x8C2F5000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8C333000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8C408000 \SystemRoot\System32\drivers\tcpip.sys
    0x8C552000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8C583000 \SystemRoot\system32\drivers\vmstorfl.sys
    0x8C58C000 \SystemRoot\system32\drivers\volsnap.sys
    0x8C5CB000 \SystemRoot\System32\Drivers\spldr.sys
    0x8C5D3000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8C358000 \SystemRoot\System32\Drivers\mup.sys
    0x8C400000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8C368000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8C39A000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8C3AB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8C3D0000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
    0x8C3D7000 \SystemRoot\system32\DRIVERS\avgidshx.sys
    0x8C211000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8C230000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0x8C1ED000 \SystemRoot\System32\Drivers\Null.SYS
    0x8C1F4000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8C3FC000 \SystemRoot\system32\drivers\MTiCtwl.sys
    0x8C000000 \SystemRoot\System32\drivers\vga.sys
    0x8BC00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8BE1B000 \SystemRoot\System32\drivers\watchdog.sys
    0x8BE28000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8BE30000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8BC21000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8BC29000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8BDE6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8BBC4000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8BDF4000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x9203B000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0x92082000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x920B4000 \SystemRoot\system32\drivers\afd.sys
    0x9210E000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x92117000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x9211E000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x9213D000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
    0x9214D000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x9215E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9216C000 \SystemRoot\system32\DRIVERS\serial.sys
    0x92186000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x92199000 \SystemRoot\system32\drivers\vpcvmm.sys
    0x921E0000 \SystemRoot\system32\drivers\vmliteusbmon.sys
    0x92000000 \SystemRoot\system32\drivers\vmlitedrv.sys
    0x92007000 \SystemRoot\system32\drivers\VBoxDrv.sys
    0x92029000 \SystemRoot\system32\drivers\termdd.sys
    0x9262B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9266C000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x92676000 \SystemRoot\system32\drivers\mssmbios.sys
    0x92680000 \SystemRoot\System32\drivers\discache.sys
    0x9268C000 \SystemRoot\system32\drivers\csc.sys
    0x926F0000 \SystemRoot\System32\Drivers\dfsc.sys
    0x92708000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x92716000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0x9274D000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x9276E000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x93205000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x93D0D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x93D0F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x93DC6000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x92780000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x9278B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x927D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x92600000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x8BBDB000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x94038000 \SystemRoot\system32\DRIVERS\atinavrr.sys
    0x94141000 \SystemRoot\system32\DRIVERS\ks.sys
    0x94175000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
    0x94179000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x9417B000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
    0x9417E000 \SystemRoot\system32\drivers\1394ohci.sys
    0x941AB000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x941B6000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x941C0000 \SystemRoot\system32\DRIVERS\parport.sys
    0x941D8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x94000000 \SystemRoot\System32\Drivers\a1ar6w9g.SYS
    0x941DE000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x941EB000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0x941EC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x927E5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9261F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8BA00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x94624000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x9463C000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x94653000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x9466A000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
    0x94681000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x9468B000 \SystemRoot\system32\drivers\kbdclass.sys
    0x94698000 \SystemRoot\system32\drivers\mouclass.sys
    0x946A5000 \SystemRoot\system32\DRIVERS\vmlitestor.sys
    0x946CA000 \SystemRoot\system32\DRIVERS\storport.sys
    0x94712000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
    0x9472C000 \SystemRoot\system32\drivers\swenum.sys
    0x9472E000 \SystemRoot\system32\drivers\umbus.sys
    0x9473C000 \SystemRoot\system32\DRIVERS\vpcusb.sys
    0x94754000 \SystemRoot\system32\DRIVERS\usbrpm.sys
    0x94761000 \SystemRoot\system32\DRIVERS\vpchbus.sys
    0x94797000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x947DB000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x947E5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x94A35000 \SystemRoot\system32\drivers\HdAudio.sys
    0x94A85000 \SystemRoot\system32\drivers\portcls.sys
    0x94AB4000 \SystemRoot\system32\drivers\drmk.sys
    0x94ACD000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x94AE4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x94AFB000 \SystemRoot\system32\DRIVERS\dc3d.sys
    0x94B05000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x94B0C000 \SystemRoot\system32\drivers\hidusb.sys
    0x94B17000 \SystemRoot\system32\drivers\HIDCLASS.SYS
    0x94B2A000 \SystemRoot\system32\drivers\kbdhid.sys
    0x94B36000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x94B41000 \SystemRoot\system32\DRIVERS\point32.sys
    0x94B4A000 \SystemRoot\system32\DRIVERS\netr28u.sys
    0x94BF3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x94A00000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x94A0E000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x94A19000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x94600000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x94E0F000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x94E39000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x94E46000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x94E51000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x94E5A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x9CB30000 \SystemRoot\System32\win32k.sys
    0x94E6B000 \SystemRoot\System32\drivers\Dxapi.sys
    0x94E75000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9CD90000 \SystemRoot\System32\TSDDD.dll
    0x9CDC0000 \SystemRoot\System32\cdd.dll
    0x9CA00000 \SystemRoot\System32\ATMFD.DLL
    0x94E80000 \SystemRoot\system32\drivers\luafv.sys
    0x94E9B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x94EB5000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x94EC5000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x94F0B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x94F1B000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x94F2E000 \SystemRoot\system32\drivers\HTTP.sys
    0x94FB3000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x94FD4000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x94FED000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA343B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA345E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA3499000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA34B4000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA3504000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA3556000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0xA355D000 \SystemRoot\system32\DRIVERS\avgidsshimx.sys
    0xA3560000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    0xA3562000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
    0xABA27000 \SystemRoot\system32\drivers\peauth.sys
    0xABABE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xABAC8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xABAD5000 \SystemRoot\system32\DRIVERS\avgidsfilterx.sys
    0xABADA000 \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
    0xABAFB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xABB1C000 \SystemRoot\System32\drivers\rdpdr.sys
    0xABB41000 \SystemRoot\system32\drivers\tdtcp.sys
    0xABB4C000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0xABB59000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xABBF5000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x776A0000 \Windows\System32\ntdll.dll
    0x47A30000 \Windows\System32\smss.exe
    0x778E0000 \Windows\System32\apisetschema.dll
    0x10000000 \Program Files\Alcohol Soft\Alcohol 52\alcoholx.dll

    Processes (total 75):
    0 System Idle Process
    4 System
    280 C:\Windows\System32\smss.exe
    364 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    420 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    680 csrss.exe
    748 csrss.exe
    756 C:\Windows\System32\wininit.exe
    796 C:\Windows\System32\services.exe
    820 C:\Windows\System32\lsass.exe
    828 C:\Windows\System32\lsm.exe
    908 C:\Windows\System32\winlogon.exe
    980 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\nvvsvc.exe
    1080 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\svchost.exe
    1504 C:\Windows\System32\nvvsvc.exe
    1576 C:\Windows\System32\svchost.exe
    1768 C:\Windows\System32\spoolsv.exe
    1804 C:\Windows\System32\svchost.exe
    576 PrintIsolationHost.exe
    692 C:\Windows\System32\svchost.exe
    1064 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1528 C:\Windows\System32\dwm.exe
    1636 C:\Windows\explorer.exe
    1544 C:\Windows\System32\taskhost.exe
    944 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    2064 C:\Program Files\Bonjour\mDNSResponder.exe
    2132 C:\Windows\System32\svchost.exe
    2168 C:\Windows\System32\svchost.exe
    2292 C:\Windows\System32\svchost.exe
    2360 C:\Windows\System32\svchost.exe
    2440 C:\Windows\System32\svchost.exe
    2516 C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    2544 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2668 C:\Program Files\AVG\AVG2012\avgidsagent.exe
    2716 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2984 C:\Program Files\Microsoft IntelliType Pro\itype.exe
    2992 C:\Program Files\iTunes\iTunesHelper.exe
    3000 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3008 C:\Program Files\AVG\AVG2012\avgtray.exe
    3036 C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    3640 C:\Program Files\iPod\bin\iPodService.exe
    3712 C:\Windows\System32\SearchIndexer.exe
    3740 C:\Program Files\AVG\AVG2012\avgnsx.exe
    3748 C:\Program Files\AVG\AVG2012\avgemcx.exe
    3860 C:\Windows\System32\svchost.exe
    2344 WUDFHost.exe
    5416 C:\Windows\System32\svchost.exe
    5024 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    4568 C:\Windows\System32\conhost.exe
    5468 C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    5160 C:\Windows\System32\conhost.exe
    5480 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    1340 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    5092 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    4644 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    4956 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    3624 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    5676 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    5988 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    1480 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    4440 C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
    4616 C:\Windows\System32\notepad.exe
    5940 C:\Windows\System32\notepad.exe
    5208 C:\Windows\System32\audiodg.exe
    2772 WmiPrvSE.exe
    4584 <unknown>
    4544 <unknown>
    3412 C:\Users\Nathan\Desktop\MBRCheck.exe
    6124 C:\Windows\System32\conhost.exe
    5352 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3500320AS, Rev: SD15
    PhysicalDrive1 Model Number: WDCWD1001FALS-00J7B0, Rev: 05.00K05
    PhysicalDrive2 Model Number: SeagatePortable, Rev: 0130

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    931 GB \\.\PhysicalDrive2 RE: Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

  10. #20
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Hi boatnerd06,

    Thank you for the logs and update.

    Please confirm what OS, if any, is installed on the F: drive.

    Again, please remember to read the instructions below carefully before executing and perform the steps exactly in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before proceeding please make sure any open programs are closed.

    Step 1:
    MGA Diagnostics

    1. Please download this tool from Microsoft and Save it to your Desktop.
    2. Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Click on the Continue button to proceed.
    4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
    5. When it has finished click on the Copy button.
    6. Go to Start > All Programs > Accessories > Notepad.
    7. This will open an empty Notepad file.
    8. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
    9. Click on the OK button to exit the MGA Diagnostics program.
    10. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.

    Step 2:
    WVCheck

    1. Please download WVCheck and Save it to your Desktop.
    2. Right-click on WVCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Read the comments on the screen and then press Enter.
      The scan can take a while depending on the size of your hard drive.
    4. Once the program is finished, a scan report named WVCheck_hhmm_dd-mm-yyyy.txt will automatically be saved to your Desktop and opened in Notepad.
    5. Please Copy and Paste the entire contents of WVCheck_hhmm_dd-mm-yyyy.txt into your next reply.

    Step 3:
    CKScanner

    1. Please download CKScanner and Save it to your Desktop.
      Make sure that CKScanner.exe is on your Desktop before running the application!
    2. Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Then click on the Search For Files button.
    4. When the scan has finished (the hourglass cursor will disappear when the scan has completed), click on the Save List To File button.
      A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
      Note: Please run the program ONCE only.
    5. Click on the Exit button to close the program.
    6. Double-click on the ckfiles.txt file to open it.
    7. Then Copy and Paste the entire contents of the file into your next reply.

    Step 4:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. What OS, if any, is installed on the F: drive?
    3. mgadiag.txt.
    4. WVCheck_hhmm_dd-mm-yyyy.txt.
    5. ckfiles.txt.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others
