Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Cryptic Removal Request


  • This topic is locked This topic is locked
10 replies to this topic

#1 MobileMem

MobileMem

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 05 January 2011 - 11:25 AM

Hello everyone.

Last night a program called Memory Fixer mysteriously appeared on my computer. It turned my screen black and popped up a fake scan and began to give me several fake warnings about my hard drive being unreadable as well as my RAM usage being too high.

A Free AVG virus scan showed three objects, two of them being Trojan Horse Cryptic. And a file related to them. Several attempts to remove them did not work even though they said they were healed. In my panic I did a system restore with Windows Vista back to the 31st. This seemed to remove all symptoms. Scans are not picking them up anymore.

However, I know these things do not go away that easily, and I figured it would be best to seek the guidance of this wonderful forum.

Thanks in advance.

As requested here is my DDS report:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by User at 10:05:23.75 on Wed 01/05/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2250 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
mWinlogon: Userinit=userinit.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [PlayNC Launcher]
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ssqiy0lz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Dimdim\Plugin\Application\npDimDimControl.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-9-5 69152]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2008-11-27 427016]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2008-11-27 33416]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2008-11-27 297752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2010-8-30 23680]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 dfmirage;dfmirage;C:\Windows\System32\drivers\dfmirage.sys [2009-3-28 36432]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2008-9-30 313344]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 1375992]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-11-4 25832]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2008-6-27 12744]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-8-17 55296]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-15 89920]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2011-01-05 15:03:53 -------- d-----w- C:\Windows\en
2011-01-05 15:01:00 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-01-05 15:00:27 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2011-01-05 15:00:21 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-01-05 15:00:21 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-01-05 15:00:20 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-01-05 15:00:20 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-01-05 14:53:47 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\592d3baf1cbace82d\InstallManager_WLE_WLE.exe
2011-01-05 14:53:14 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\473d7f4f1cbace821\MeshBetaRemover.exe
2011-01-05 14:52:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32b804af1cbace81a\DSETUP.dll
2011-01-05 14:52:40 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32b804af1cbace81a\DXSETUP.exe
2011-01-05 14:52:40 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32b804af1cbace81a\dsetup32.dll
2011-01-05 14:52:38 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\30d72eef1cbace819\DSETUP.dll
2011-01-05 14:52:38 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\30d72eef1cbace819\DXSETUP.exe
2011-01-05 14:52:38 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\30d72eef1cbace819\dsetup32.dll
2011-01-05 14:51:18 -------- d-----w- C:\Users\User\AppData\Local\Windows Live
2011-01-05 14:50:12 754688 ----a-w- C:\Windows\SysWow64\webservices.dll
2011-01-05 14:50:12 1103872 ----a-w- C:\Windows\System32\webservices.dll
2010-12-15 14:01:56 96256 ----a-w- C:\Windows\System32\fontsub.dll

==================== Find3M ====================

2010-11-07 11:32:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2010-11-07 11:32:09 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-04 10:56:30 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-28 16:29:18 48128 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-28 15:44:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-28 14:05:21 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-28 13:56:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-28 13:27:47 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-18 15:35:48 87552 ----a-w- C:\Windows\System32\consent.exe
2010-10-18 15:25:36 2753536 ----a-w- C:\Windows\System32\win32k.sys
2010-10-16 18:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 18:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 18:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 18:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll

============= FINISH: 10:06:03.36 ===============



And here is my GMER report:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-05 10:50:28
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x89 0xD0 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0x6D 0xAC 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0xB1 0xB5 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x89 0xD0 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0x6D 0xAC 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0xB1 0xB5 0x04 ...

---- EOF - GMER 1.0.15 ----




Thank you all for doing this for us.

I am hoping the problem is gone, but I just want to be safe.

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 PM

Posted 10 January 2011 - 07:18 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 MobileMem

MobileMem
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 10 January 2011 - 01:04 PM

I have not had any symptoms of the infection since I did a restore point with my computer as mentioned in the OP post. But I have heard original infection can sometimes lie dormant, I just want to make sure that my system is indeed clean.

Thank you.

OTL logfile created on: 1/10/2011 11:46:05 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 173.57 Gb Free Space | 37.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: IBUYPOWER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 11:45:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/12/10 19:05:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/11/28 07:08:45 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/28 07:08:45 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/08/19 08:42:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/01/10 11:45:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2011/01/05 10:02:08 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2011/01/05 10:02:08 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/11/07 06:32:26 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/28 07:08:45 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/30 09:23:47 | 000,023,680 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/31 18:17:05 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/19 08:42:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2010/11/01 20:15:34 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/16 07:09:50 | 000,038,056 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/09/14 08:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/08/12 07:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/18 18:00:50 | 000,055,296 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2009/11/24 14:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/19 08:42:58 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/08/19 08:42:55 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/08/09 16:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/03/28 08:38:00 | 000,036,432 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dfmirage.sys -- (dfmirage)
DRV:64bit: - [2008/04/22 10:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/03/11 06:38:00 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008/02/18 20:18:28 | 000,208,704 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/02/13 22:37:12 | 000,313,344 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2006/10/31 18:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/11/04 05:56:29 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/14 08:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/04/08 20:05:18 | 000,141,612 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2008/02/18 20:18:28 | 000,208,704 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009/12/21 10:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/07 06:32:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 01:45:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/09 00:52:18 | 000,000,000 | ---D | M]

[2008/11/11 22:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2011/01/09 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ssqiy0lz.default\extensions
[2009/09/02 11:33:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ssqiy0lz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/09 21:08:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ssqiy0lz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/03 19:37:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ssqiy0lz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/15 19:43:29 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ssqiy0lz.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/09/15 19:52:21 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ssqiy0lz.default\extensions\foxyproxy@eric.h.jung
[2010/11/15 07:05:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ssqiy0lz.default\extensions\toolbar@ask.com
[2011/01/09 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/07 06:32:26 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-2482396236-3880700520-2376781461-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig:64bit - StartUpReg: Aim6 - hkey= - key= - C:\Program Files (x86)\AIM6\aim6.exe File not found
MsConfig:64bit - StartUpReg: AVG8_TRAY - hkey= - key= - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: I-Hate-Keyloggers - hkey= - key= - C:\Users\User\Documents\i-hate-keyloggers.exe File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: MP4 Player - hkey= - key= - C:\Program Files (x86)\MP4 Player\mp4Player.exe ()
MsConfig:64bit - StartUpReg: NCsoft Launcher - hkey= - key= - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe (NCSoft)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RayV - hkey= - key= - C:\Program Files (x86)\RayV\RayV\RayV.exe (RayV)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - c:\program files (x86)\steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: Turbine Download Manager Tray Icon - hkey= - key= - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 11:45:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/01/09 11:23:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient
[2011/01/09 01:27:40 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/01/09 01:27:40 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/01/09 01:27:38 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/01/09 01:27:38 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/01/09 01:27:36 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/01/09 01:19:00 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/01/09 01:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/01/09 01:03:22 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\LeagueOfLegends.NA.12_13_2010
[2011/01/05 10:03:53 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/01/05 10:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/01/05 10:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2011/01/05 10:00:21 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/01/05 10:00:21 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/01/05 10:00:20 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/01/05 10:00:20 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/01/05 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live
[2011/01/05 09:50:12 | 001,103,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2011/01/05 09:50:12 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2010/12/25 11:36:08 | 020,284,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/12/25 11:36:08 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/12/25 11:36:08 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/12/25 11:36:08 | 010,023,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/12/25 11:36:08 | 007,491,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/12/25 11:36:08 | 006,471,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/12/25 11:36:08 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/12/25 11:36:08 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/12/25 11:36:08 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/12/25 11:36:08 | 002,934,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/12/25 11:36:08 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/12/25 11:36:08 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/12/25 11:36:08 | 001,500,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2010/12/25 11:36:08 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2010/12/25 11:36:08 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/12/25 11:36:08 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/12/25 11:36:07 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/12/25 11:36:07 | 001,719,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/12/25 11:36:07 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/12/16 17:08:31 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder
[2010/12/15 09:01:56 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/15 09:01:56 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/15 09:01:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/12/15 09:01:56 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/15 09:01:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/15 09:01:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/12/15 09:01:52 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/15 09:01:41 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/12/15 09:01:40 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/15 09:01:39 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/15 09:01:39 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/15 09:01:39 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/12/15 09:01:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/15 09:01:38 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/12/15 09:01:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/12/15 09:01:38 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/15 09:01:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/15 09:01:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/12/15 09:01:38 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/12/15 09:01:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/15 09:01:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 09:01:37 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/15 09:01:37 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/15 09:01:37 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/12/15 09:01:37 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/15 09:01:37 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/15 09:01:37 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/12/15 09:01:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/12/15 09:01:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/12/15 09:01:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/12/15 09:01:37 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/15 09:01:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/12/15 09:01:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/12/15 09:01:36 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/12/15 09:01:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/15 09:01:22 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/15 09:01:22 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/15 09:01:22 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/15 09:01:22 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/15 09:01:22 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/15 09:01:22 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 11:45:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/01/10 11:44:00 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 11:44:00 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 08:23:51 | 069,952,721 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/01/10 07:44:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/01/10 07:43:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/10 00:31:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/01/10 00:18:05 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{197D9CE2-CD44-44DA-81B2-EF156211E156}.job
[2011/01/09 21:39:14 | 000,000,858 | ---- | M] () -- C:\Users\User\Desktop\World of Warcraft.lnk
[2011/01/09 18:00:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\next.job
[2011/01/09 01:28:55 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/01/06 17:36:11 | 000,020,375 | ---- | M] () -- C:\Users\User\Desktop\TH1.docx
[2011/01/06 07:36:56 | 000,383,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/05 09:47:51 | 000,288,107 | ---- | M] () -- C:\Users\User\Desktop\gmer.zip
[2011/01/05 09:47:31 | 000,624,128 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2011/01/05 02:25:29 | 000,000,496 | ---- | M] () -- C:\ProgramData\OQfTPvgW
[2011/01/05 02:19:41 | 000,000,376 | ---- | M] () -- C:\ProgramData\~OQfTPvgW
[2011/01/05 02:19:41 | 000,000,160 | ---- | M] () -- C:\ProgramData\~OQfTPvgWr
[2010/12/23 08:37:01 | 000,806,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/23 08:37:01 | 000,675,208 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/23 08:37:01 | 000,132,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/21 11:22:56 | 000,002,263 | ---- | M] () -- C:\Users\User\Desktop\Steam.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/09 21:34:57 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/01/09 01:28:55 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/01/05 14:58:07 | 000,020,375 | ---- | C] () -- C:\Users\User\Desktop\TH1.docx
[2011/01/05 10:06:28 | 000,296,448 | ---- | C] () -- C:\Users\User\Desktop\gmer.exe
[2011/01/05 09:47:45 | 000,288,107 | ---- | C] () -- C:\Users\User\Desktop\gmer.zip
[2011/01/05 09:47:22 | 000,624,128 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2011/01/05 01:42:15 | 000,000,376 | ---- | C] () -- C:\ProgramData\~OQfTPvgW
[2011/01/05 01:42:15 | 000,000,160 | ---- | C] () -- C:\ProgramData\~OQfTPvgWr
[2011/01/05 01:42:14 | 000,000,496 | ---- | C] () -- C:\ProgramData\OQfTPvgW
[2010/12/25 11:36:08 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/10/08 18:52:43 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2010/09/21 15:41:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/08/17 12:20:49 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/07/02 14:39:58 | 000,415,566 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI266B.txt
[2010/07/02 14:39:58 | 000,011,378 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI266B.txt
[2010/06/26 13:31:13 | 000,458,966 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI1D00.txt
[2010/06/26 13:31:13 | 000,011,440 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI1D00.txt
[2010/04/01 15:18:11 | 000,141,612 | ---- | C] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2009/12/15 20:04:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/15 20:03:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/24 10:43:21 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/10/10 00:13:38 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/10 00:12:46 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\swk.ini
[2009/09/13 11:26:07 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/09/13 10:40:31 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2009/06/14 10:18:02 | 000,760,152 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/04/11 10:46:53 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/04/11 10:46:53 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/04/11 10:46:53 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/02/14 23:37:50 | 000,000,036 | ---- | C] () -- C:\Windows\avitopspconverter.ini
[2009/02/08 21:45:57 | 000,006,656 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 22:08:06 | 000,000,289 | ---- | C] () -- C:\Program Files\eqp_config.xml
[2008/12/03 18:51:56 | 000,209,008 | ---- | C] () -- C:\Windows\SysWow64\kbhookdll.dll
[2008/09/30 15:16:08 | 000,012,022 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/09/30 15:15:46 | 000,011,779 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/31 22:39:28 | 000,012,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2004/07/10 17:55:38 | 000,252,416 | ---- | C] () -- C:\Windows\SysWow64\wsiShared.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/04/11 07:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/20 21:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/01/20 21:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/01/20 21:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 21:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >











OTL Extras logfile created on: 1/10/2011 11:46:05 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 173.57 Gb Free Space | 37.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: IBUYPOWER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2482396236-3880700520-2376781461-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 02 36 05 5A 29 3B CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047D68D1-B084-434B-83E2-651E8324FA70}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{04D7ABAF-E61B-4A5C-B794-3578B3353FBB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{050B87B2-3400-4549-AADD-6699914F543A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{07E74BA4-498D-447A-9AFD-F7C96F44C3BE}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{104F0CA5-787D-4DB9-8E05-F1A869A07003}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{15B0665A-AF39-4B7F-9D99-06C5E144AAEB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1986A523-AD02-4321-B474-B30F46A41AA3}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{19B66238-4553-4E4E-8ED6-93BFAFCD1787}" = lport=138 | protocol=17 | dir=in | app=system |
"{1A99586D-5737-43E0-8AED-7F1A23B2CF9F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C30E212-2EBB-4550-82F9-1C45AD1C6A16}" = rport=445 | protocol=6 | dir=out | app=system |
"{1DF8D162-6D5F-496B-A06F-11A038DC0BD6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{20654007-8EB2-430F-8B8D-639C050DD738}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{21C391D8-A43D-487A-BF54-3F8EA3CF9843}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{284500B9-9343-4F50-94B2-21D03619F785}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{2A168ED6-1D50-4273-BF8C-3A2A52803FF7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2CE5116C-E477-4B0A-A209-778E24FF6D83}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{40D8D571-8A4F-4D74-A98D-FB64FED2DE0E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{49066B2D-AA55-4756-8F2F-D4523FF779AD}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{497EF4F9-858E-459E-8E94-D47758C677F3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4AD52B7F-48D9-4290-AF14-4DC0707CD412}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4CEADA5B-C363-40F6-9A59-DCD6B41DA45C}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{4FA2ACD9-4080-4E79-BE8F-B32291A1B64F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{519C2534-12F2-4B7A-BBCA-C3DC2A1D39A5}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{53B45BBA-96ED-4DBA-94D9-2737E38212EA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{55AEABAB-9CDA-4DF0-94BD-40838C99FE43}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59A0655D-298A-498D-A42B-5A715ACDCA14}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59ACAD3E-DD34-4EC7-BA00-BA32DD5E2DB0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5E85F673-0F75-49E2-9101-A0D31DA118AA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5ECFAECD-A640-4324-8A67-37C9466258B9}" = lport=27015 | protocol=6 | dir=in | name=team fortress dusty 1 |
"{6149EB21-DBA3-491A-A688-52E3709A44A0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{64C5B16B-90AA-4D6C-AF08-7E390E415D34}" = rport=137 | protocol=17 | dir=out | app=system |
"{651877AE-57B8-4A25-89A7-1251873D0B12}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6592BDC9-F3EE-4D6F-A01C-566B8E4467EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{6A854674-2DB8-4368-AD3F-67816812BF20}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6DB4A35E-ADC3-4300-9B00-5C4A2B2BCE71}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{728851E9-1F6C-428C-92F9-B0350531D020}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{766133E6-341A-4344-B3D8-C49F4114031C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{86856D0C-0B22-4852-8DC5-1A8C6D3E4FDD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{871E2986-1385-425B-9A08-F9C8A1E1F18C}" = lport=445 | protocol=6 | dir=in | app=system |
"{90B2AF4C-4CDC-4C46-A0A0-976ADCDAE4B4}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
"{91399D3E-BE0F-4E53-9EE0-E45C73EE2CD4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{950D993C-0F42-4B06-A20A-9B0BAF370FD9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B9E6302-6058-4C83-8635-910EE785913F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A22E579E-A04E-4222-A2CE-71C4BA21FE1C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A3246385-0E2B-43DB-8647-6B6C9AC6D2E9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AAF334C0-2C93-4056-B57B-CE0EE199C2D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B08022F4-74F5-457D-84E8-C6F52D93C0E0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B940C9E4-1184-46D4-812B-21745B8347D6}" = rport=138 | protocol=17 | dir=out | app=system |
"{BDA1E178-B4B7-4462-B2E4-042B3AFF449E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BE612094-7008-423E-9F51-9085D44438F7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C0E72ECF-DF9F-46C8-8225-DAF3EE512EBF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C2BF6744-F785-40FC-9032-A036F1EB78EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CB19842F-FDF3-4FC8-AC31-0FA5CD475DF3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CE70B2A4-CA54-4CDD-BD5A-BE3F492CF1C0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D4700618-35F9-42F5-832D-F9863701F882}" = rport=139 | protocol=6 | dir=out | app=system |
"{D5739E21-D88C-442E-B83E-B3A3EA8B6B64}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{D9E0A50F-B666-4C69-83D8-A95A05C4A74D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DA510A25-F8FC-4664-9B44-D9F7B6B0BC86}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF371E8A-229B-4593-B5B6-D6822ACFC77C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E26A978C-BBD2-4891-A8AE-64FB48924B28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E5CED849-10DE-4E36-A9AC-88F827C691E9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E8D9AC9F-7761-416F-AEB1-C3BD60F6C476}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{EB02D9DE-4AF1-44FC-86E4-6B195BD19F19}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EE81260A-DAB4-4529-ACDB-62BE0CBC940D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FA5137B3-256C-4691-8768-AB5F0A82AC4D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016C5328-7705-4655-BEBD-68552B16F837}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{0185CF87-D064-4D85-BEF5-249CDD100F89}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{056D1A6D-410E-492F-A62D-6A3147A8241F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{081AB58D-E644-4117-BF53-D0BD8228A3CC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{082601AC-6459-4C2B-9215-D51F2E88F2DA}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{083E8DE5-7E39-4E82-84E9-5C00AD6411D4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{08AEEF6F-1C01-491D-A7C7-62B602334C27}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{08E02042-098A-447B-837C-D63BE2C46198}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{0A36DF23-B126-4FBE-A4E7-4CD3166D1862}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0BF1FC07-527B-4CFE-BDB6-F18B2B014E09}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{0C90DF1D-DE14-4BB1-80B6-43317F6DA382}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0DB30334-62CE-4078-95C9-09409E7C176E}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{0ED372D7-AFB5-4943-8864-AF9988808BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{11D424BC-D94E-476F-A8F4-E3122A3F3123}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{124D2FC8-D50B-4162-99D6-97AA409FFC3A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{133CD4CC-CD94-4596-B1CB-FD0CF5A5C059}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{14941412-17A6-47B1-A533-89CAAAE4F135}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{1548803C-2E4A-40D5-BE26-F99EDA866875}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{15CA1FE7-82C1-4A4D-97A4-6CF8241DEA19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{15D8FF8E-8DCA-4809-AD6F-F0FE2665ED7B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1628F6B6-87EB-41CC-834B-AF61E6E2CF97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{18ED042E-5F5E-4F66-B70A-CB64900DEE3A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{1CA60E6E-13F8-4163-B481-49A83EB8F484}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{2180E47A-0762-4615-8169-E9E6BE32D8D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{23535BE2-5B31-473E-9D40-2E106AD9946D}" = dir=in | app=c:\program files (x86)\dimdim\plugin\application\dimdim.exe |
"{24A4622A-08E8-4566-B52F-82054EB6895F}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{2672E763-28A1-4ED1-B12F-21B83EFE7B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\recettear.exe |
"{27FEA2FD-F10C-4E9C-ABF8-89E19093A798}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2DB8D9C7-01A4-4CC0-A09A-9D00F115A06F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{36823B23-C27D-46A3-918F-2874D4BD5ED0}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{37B08225-B37A-479D-AA75-551FFADEA719}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{37B45B3A-149C-4EEB-A494-DDB4F3EE3808}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{3A461BB1-F64B-4ADD-B31C-FF005A5A76C8}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3C6BF960-96CF-4B26-B82C-7ACFAB1C6562}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3D9A1768-727E-46C4-8836-7092C9F6E7AF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3D9E7A82-2DE9-47BB-953C-1B033772C0D4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{3F377B6A-AF09-4480-8BA6-EE3362C46376}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3F3F011B-9A9C-455B-83AD-556959F81137}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{4269FFCC-1EAE-4E52-9092-54A72BE6F24E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4461B33D-F8DC-4A73-83DE-673EC6302DB5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4510C01D-6561-4C98-BDE3-3E60D9E0307F}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{4597EBEF-05B2-4380-BED9-E09973654101}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{46DA464B-A8EC-45FE-9C29-0E602BAD7217}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{46FF6A15-BA4F-4F2F-B0B0-DA3DC69A2179}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4AA207E6-71E9-4DEC-AA62-62902A675843}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4B6D9F6A-C170-44AD-8A94-8CB9256B0DD2}" = dir=in | app=c:\program files (x86)\dimdim\plugin\application\myscreen.exe |
"{4D14BBE2-AD20-45DD-BD3C-D18142EC96DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{4FF40FC5-902F-4761-9667-87116F56F3F2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{51FDBB9D-8AD0-4D50-9E45-D556914EB6E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{523D2BDF-B129-44B2-94BA-9E3F0F874AF9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{56FBCE4F-CE57-44F9-A51A-53101CA3E8B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{570D6AEB-11D5-4A83-B6E7-95829D110735}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{58EFDC91-4373-4351-9868-93B04D9E64CF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A79D158-0FB1-4F90-8F29-3AF40888020C}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5B97FA6D-BBCE-41B1-B909-E7406B647A36}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{60A1FD40-9573-4F12-AB25-21FF5977143D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{614F7B2F-1B37-49D4-A198-619BEC9B3CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{61FAE85B-BDBE-46F0-B2BA-A8B4C58A8EFC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{646685E7-B3D1-4060-B49A-7E369A674BE8}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{6541BEA9-A10A-455C-9369-994480A1C2F2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{6554E4D6-12FC-4A88-8EA2-1F057DFF38A6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{660BEC9A-A3D5-4CA4-81F6-23A71E249BAD}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinemessageservice.exe |
"{6C07FCD7-6239-461D-A910-3BE24C5E4ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{6CA9F388-DAAE-42BA-9BC7-45B232022612}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6F4ACA26-B9CF-4E59-9178-E594E0F27DAA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{74E7CB58-4E99-4927-9E47-8AAF0773C9B7}" = dir=in | app=c:\programdata\dimdim\updater\next.exe |
"{790D5D88-19C5-4D6C-A941-0DAB4FADCBBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\recettear.exe |
"{7AE9DDEC-4864-47CE-AAAF-9BEC0B0135CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7B3CC86B-CD07-4491-8C86-FF9155BB2FCD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{7E13053E-697F-4D6F-9C07-1649F47713A9}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{7F5F9C26-C571-4A6F-9AB5-8DA568A7F659}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\custom.exe |
"{81C3082D-8ACB-471F-B282-62A934D1CAC9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{83DEEB5F-78C0-4B2B-8836-7DEF219FC8C1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8462E9A9-25E3-4D6E-A0AE-08F9E319C80B}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{84DD8C4F-768B-4BE9-8720-CE012927CE80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{86D82B1E-8FE2-4926-9617-04578D92A9D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{873714E6-ECB2-42E4-9BD2-E760E7507003}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8921B150-FE67-432A-B582-04283BC1E7D4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9239B224-A93E-4022-8028-03E1BF2D928C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{92EF9AC4-A94F-4F8B-A1B6-438A1B7DE983}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{93F9839F-500F-4557-BB9B-1F36AF6C0F9E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{94165F84-694F-4AFD-81AC-63094ECCBF75}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{9A133390-D298-4DF3-8580-3CBF38F58CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{9A94FEA1-3249-4BC3-AD94-7D5D0708B0E5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{9E760A38-C9B7-4334-BAFF-F6A2C84DCE60}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{A5DD9910-88C7-4375-878D-226FFEF83B81}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{A7782825-381E-4641-9044-84FEC22B7667}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A96035EB-87BF-4926-B0EC-E6C0C604DC7D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A9C8E12B-8764-4E61-9F5E-C1AC464FD4F9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AAFB2DED-3CD6-4EE4-AFF4-838F95AF7FB8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{AE217115-C2A4-421E-A3C5-6BB7D23E3BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{AEF4DA5E-1C63-43B9-8DC4-39B063027838}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{B00C3C76-DA7A-46E1-AC28-755A7FCB9B3B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B0FE208C-7C38-4C31-AF28-D420DECF0C29}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\turbine download manager\turbinenetworkservice.exe |
"{B1218832-EF19-4EDC-813A-320F0883EE7D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B30820D3-4A4B-441E-A544-2F29535A3D63}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B46A4ACF-7004-4990-AD85-F1615DE60D17}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{B6768549-319E-4C61-B669-04EC2C384CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{B6A9B572-9C7A-408A-9C8F-99FB09AEDFE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{B826A1B4-7ADA-4421-81BC-2E3958CC3900}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BACCA18A-A82C-404A-B1D4-92863ADC4CFE}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{BDAAF54C-2BFB-443F-9169-5D8B7C2B820F}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{C28AB30D-D647-4FAE-9B13-01B972E15CA5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C76B6B7A-9430-443B-8DF6-04EC2CCE56BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{C8AE0D53-43D8-4D97-85E9-4558DDBFAB48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{C9165C3B-BC64-4066-AC26-0E488A2CC5FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{CABD1176-28A3-41DD-A9DF-CD145A80BDAC}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{CBB0D8C3-B1D0-49DA-AF9A-A592F36AE1CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{CC86CCCB-0B9A-4249-89DC-E999F0C6B762}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{CE6C1B58-74C4-4082-9CA2-0BF513DA5707}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CF5D373B-39F7-42EC-8C6B-5F8D1E1BE617}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{CF625444-A942-4CF6-B08F-158F2909B183}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D0D784FF-A89B-43DA-A161-4334C195FE87}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D1A133FA-0448-4079-8DD0-4ECD01F63C09}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{D284AB91-82B5-4109-BA4C-FA4CFB170B34}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{D2F5A4B0-A6CA-49CE-951C-1B2AD25C0310}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D6431041-E476-4503-8BBD-283165A7264C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DA07188C-F53E-4BB6-857C-3E249992326A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DB91ED5F-25B4-45B8-BC9C-AEDE7D1ADB50}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{DE0EA702-9FF7-47DD-A5FF-7AE8E37DFCE5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DE4A5754-FD4D-4F1B-B4C4-196095D3AF78}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DF9B51E1-0A95-49A2-AD4B-F74B1D12D412}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E18D4D7E-D896-4DE2-816D-F1CC24B736DC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E55DCA1C-8914-40CD-9A9D-3067D7B48243}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E7661AA1-9B3E-4F90-AE08-97D9E60B72C7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EE0E48D5-B9AC-474A-92B1-45F8A2D75DAC}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{EF2B554F-FA18-4761-ADC2-9785FB00EC0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{F005F634-FF4B-42F5-9EB9-E8E7B0A3C786}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{F042E006-11F9-4E53-AE06-05888245F227}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\custom.exe |
"{F20145A3-596D-4385-8C94-C27E1BBC424A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{F7AC0FD0-4838-4A0A-8449-926B1E010418}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F7ED50CC-D5DA-430A-805D-03C9009748AB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{F839E44B-D4C8-4314-915D-93D3F4DBB0AB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F8DE462D-F34A-41C5-B596-6B38A27C5570}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{FAF791D0-E77E-49D1-9F82-408BFD5A7D3D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FB3ABE90-C8F7-4E0E-AAC0-EFAB4E507F96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"TCP Query User{057CA01C-F688-4A22-BFE6-44E6E85F6A5A}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"TCP Query User{0C4AADCF-8F05-4B4A-81E0-6044C66533ED}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"TCP Query User{158F85B1-86D5-4118-ADC4-85A33378E271}C:\program files (x86)\sony\everquest\eqgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\everquest\eqgame.exe |
"TCP Query User{19C2ACC9-86AB-4220-A8B0-B8395644A3B2}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe |
"TCP Query User{1ED5573D-A2E9-42C7-93C7-CFAB7C4169FB}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{2E34253A-219F-4DB8-8D6C-EC235984E633}C:\program files\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"TCP Query User{55EFB715-F12B-47FD-B227-F2B831C82660}C:\users\user\appdata\local\temp\blizzard launcher temporary - 9e5f7e90\launcher.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\blizzard launcher temporary - 9e5f7e90\launcher.exe |
"TCP Query User{60F45C7D-2F7B-4DBE-933D-211F514C8E09}C:\program files (x86)\sony\everquest\eqgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\everquest\eqgame.exe |
"TCP Query User{AFAC8292-83CE-4858-94DC-71FA83F89253}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{B1A2ECAE-C0DD-4AC7-A574-9D943C244227}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{C3EC6008-E2D9-4EEB-BA28-17E4537AACFC}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"TCP Query User{C4501B1F-AD09-4851-B7D0-8F6A993D8027}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{C529F50C-C0FD-4FC6-B58E-F33820C1BD50}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{CF277DC3-46FD-4745-8FD3-5037BA6DC912}C:\program files (x86)\steam\steamapps\geistrath\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\geistrath\team fortress 2\hl2.exe |
"TCP Query User{D657EC32-8778-497C-8A87-48594DBB0739}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{DD360D6E-F5EE-4AC8-952F-FCCC8456CB20}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EAA11590-1B37-4047-82A9-108713016D79}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{EEBEC794-8159-4F17-9CE1-9E35D2E48F6F}C:\users\user\appdata\local\temp\blizzard launcher temporary - a5ceced0\launcher.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\blizzard launcher temporary - a5ceced0\launcher.exe |
"TCP Query User{F7DA37BF-5D77-4243-BC7E-9CCCD7CAFDB9}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe |
"UDP Query User{0759E8CB-DCDA-4376-83E0-D1D679F5A0B4}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe |
"UDP Query User{09B791BA-6A7F-4A7A-82C7-EE048431A802}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"UDP Query User{28E641CF-67B4-45A6-990B-C4162CD7727F}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"UDP Query User{37A509F7-575A-444D-9A98-F66F9B3CDFE1}C:\program files\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"UDP Query User{43958E21-D95C-48F6-B91A-414006727E6D}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{46969CE5-8E36-49E3-A5E5-FE5E2814A0FC}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{54586937-B8B4-441C-913A-3C50B7482AF2}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{753F3325-2B03-4836-9DE3-C1C951A37145}C:\users\user\appdata\local\temp\blizzard launcher temporary - a5ceced0\launcher.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\blizzard launcher temporary - a5ceced0\launcher.exe |
"UDP Query User{7A94007D-AAB9-40DC-BB49-AA297FB1766F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A3A37BF7-46F1-41EB-89D8-15508F376E76}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{A7C72606-DD6D-42BA-9429-2F45F1498F27}C:\program files (x86)\sony\everquest\eqgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\everquest\eqgame.exe |
"UDP Query User{ADA6F21C-B066-4107-A582-08DE2A75F473}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{B2176857-0ED1-4D12-89C2-57DFAE063543}C:\program files (x86)\steam\steamapps\geistrath\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\geistrath\team fortress 2\hl2.exe |
"UDP Query User{B887C38B-940C-4D5B-9FEC-50521BCD6F2F}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{C37A3992-7868-47BE-8148-961BD71A4B0C}C:\program files (x86)\sony\everquest\eqgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\everquest\eqgame.exe |
"UDP Query User{C4B70FD9-5CB4-4874-9006-3562BA358A49}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{C4BC85FF-F5BE-414A-8E8F-EBFBCC5C1287}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{D81A49B9-058D-42CF-B7F7-ED49A0399E5E}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe |
"UDP Query User{EC212C98-C6A6-4946-B164-46177107F0BD}C:\users\user\appdata\local\temp\blizzard launcher temporary - 9e5f7e90\launcher.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\blizzard launcher temporary - 9e5f7e90\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.4.0002
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{14E94112-5F6B-4049-B177-4C7E69D3C3A0}_is1" = Dragonica Online
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B78FBA0-94A1-42D1-9920-68101DBA2661}" = TransferMy Video
"{2BDFC179-CA30-4888-B16E-DD995C9A3473}" = Mobile Mouse Server
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37180433-5AC2-4684-ABBD-AB7D36F740B7}" = TransferMy Video
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{958AF490-810C-4D3E-AA82-EBA2CE41DA20}" = Station Launcher
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C12A198C-E751-4729-839A-8FA07CF941C1}_is1" = Dragonica
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9C641B6-DB5C-4C84-B6C9-9540388DA0DA}" = WebMeeting Plug-in
"{CB000D9F-3BBA-4361-A550-7DCCED1409AC}" = MapleStory
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Anarchy Online_is1" = Anarchy Online
"AnyDVD" = AnyDVD
"AVG8Uninstall" = AVG Free 8.5
"AVI To PSP Converter_is1" = AVI To PSP Converter 1.00
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX Setup
"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eufloria 2.00" = Eufloria 2.00
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.3
"FULL CLIENT1.0" = FULL CLIENT
"Furcadia" = Furcadia
"GIF Viewer" = GIF Viewer 3.2 (v2)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"MagicDisc 2.6.93" = MagicDisc 2.6.93
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"MobileVT_is1" = MobileVT 3.4
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3 Surgeon_is1" = MP3 Surgeon 2004
"MP4 Player" = MP4 Player
"MUSHclient" = MUSHclient (remove only)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"RayV" = DTVblizzcon
"RealPlayer 12.0" = RealPlayer
"RebirthRO Full Client 6.0" = RebirthRO Full Client
"Recettear: An Item Shop's Tale_is1" = Recettear: An Item Shop's Tale
"StarCraft II" = StarCraft II
"Steam App 17460" = Mass Effect
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 220" = Half-Life 2
"Steam App 24980" = Mass Effect 2
"Steam App 2500" = Shadowgrounds
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Steam App 41300" = Altitude
"Steam App 41500" = Torchlight
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 630" = Alien Swarm
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 8980" = Borderlands
"Trickster Online" = Trickster Online
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WavePad" = WavePad Sound Editor
"WebMeeting Plug-in" = WebMeeting Plug-in
"Winamp" = Winamp
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.9
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2482396236-3880700520-2376781461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-Aion" = Aion
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2011 11:00:16 AM | Computer Name = ibuypower | Source = System Restore | ID = 8193
Description =

Error - 1/5/2011 11:00:22 AM | Computer Name = ibuypower | Source = System Restore | ID = 8193
Description =

Error - 1/5/2011 12:48:49 PM | Computer Name = ibuypower | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/5/2011 12:48:49 PM | Computer Name = ibuypower | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/5/2011 3:16:38 PM | Computer Name = ibuypower | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/5/2011 3:16:39 PM | Computer Name = ibuypower | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/5/2011 3:16:39 PM | Computer Name = ibuypower | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/5/2011 10:33:32 PM | Computer Name = ibuypower | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/5/2011 10:33:32 PM | Computer Name = ibuypower | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/5/2011 10:33:32 PM | Computer Name = ibuypower | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ Media Center Events ]
Error - 9/9/2010 8:44:37 PM | Computer Name = ibuypower | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 11/1/2010 9:28:16 PM | Computer Name = ibuypower | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/16/2010 9:21:11 AM | Computer Name = ibuypower | Source = Service Control Manager | ID = 7000
Description =

Error - 12/16/2010 9:21:11 AM | Computer Name = ibuypower | Source = Service Control Manager | ID = 7009
Description =

Error - 12/16/2010 9:21:11 AM | Computer Name = ibuypower | Source = Service Control Manager | ID = 7000
Description =

Error - 12/16/2010 9:28:47 AM | Computer Name = ibuypower | Source = Service Control Manager | ID = 7009
Description =

Error - 12/16/2010 9:28:47 AM | Computer Name = ibuypower | Source = Service Control Manager | ID = 7000
Description =

Error - 12/16/2010 9:28:47 AM | Computer Name = ibuypower | Source = Service Control Manager | ID = 7009
Description =

Error - 12/16/2010 9:28:47 AM | Computer Name = ibuypower | Source = Service Control Manager | ID = 7000
Description =

Error - 12/18/2010 9:25:54 AM | Computer Name = ibuypower | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00221555ACF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/2/2011 11:41:11 AM | Computer Name = ibuypower | Source = BROWSER | ID = 8032
Description =

Error - 1/5/2011 4:14:00 AM | Computer Name = ibuypower | Source = Service Control Manager | ID = 7022
Description =


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 PM

Posted 10 January 2011 - 03:09 PM

Hi,

do you know what this file is: C:\ProgramData\OQfTPvgW?

Otherwise your logs are looking clean.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 MobileMem

MobileMem
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 10 January 2011 - 04:03 PM

Thats the one that popped up on the virus scanner when I first got the infection!

It stopped appearing on the scan after the restore point!

Edited by MobileMem, 10 January 2011 - 04:04 PM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 PM

Posted 10 January 2011 - 04:18 PM

Please delete that file, then run a complete scan with AVG and let me know if that file gets picked up.

It looks as if this is an unactive leftover of the infection and can be deleted by hand.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 MobileMem

MobileMem
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 10 January 2011 - 07:53 PM

AVG found another Trojan after a full scan that it did not find before called Trojan Horse Generic20.BKPQ

File is in Temporary Internet Folder. File is called 448-direct[1].txt

It said it was Healed.

Edited by MobileMem, 10 January 2011 - 08:05 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 PM

Posted 11 January 2011 - 09:41 AM

Hi,


files in the temporary internet cache don't necessarily mean that you are or have been infected.

Just to be safe please also run a scan with the Eset online scan:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

But I believe that the infection has been permanently disabled.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 MobileMem

MobileMem
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 12 January 2011 - 04:52 PM

No threats found.

Seems I'm clean.

I am a bit surprised a simple restore point fixed the issue, but I am not complaining.

Thank you for your time and most of all the peace of mind you have given me.

-Cased Closed-

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 PM

Posted 13 January 2011 - 07:41 AM

Hi,

before closing this there are two things I'd like to cover with you.

The first is outdated software. They are a way into your system for malware and I would recommend that you update both your Adobe Reader and your Java install:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 23 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!

As a second item, I would like you to remove the tools we used as you no longer need them:

Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on Posted Image
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC faild to remove all programs from your Desktop, please delete the rest manually.
  • Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!

Please read these advices, in order to prevent reinfecting your PC:

  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:
Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 PM

Posted 31 January 2011 - 09:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users